Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Inserting row - anti spammer

Options
  • 10-06-2006 3:42pm
    #1
    wheres me jumpa
    Registered Users Posts: 4,478 ✭✭✭


    Guys,

    I want a user to add a row to db. In this row is yes/no field to determine whether it is published or not. When a row is entered an email is sent to myself and if it is appropriate I set this field to Yes.

    Before what i would do is just get the info via email and enter it myself but I recieved alot of spammers trying to add links to my site. Links to the usual crapola, healthcare, viagra, dating etc.

    With this in mind are there any dangers to allowing user direct access to an insert statement?


Comments

  • Options
    #2
    dahamsta
    Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    Not if the resultant data isn't going to be displayed/utilised without approval.

    However you should make sure the input is clean anyway -- google for "sql injection" for methods.

    adam


  • Options
    #3
    wheres me jumpa
    Registered Users Posts: 4,478 ✭✭✭wheres me jumpa


    Thanks Ken,

    Rather than start another thread anyone want t try explain this one for me.

    Im using a while loop in php to output rows form DB but it is displaying one less than it should each time. The sql statement is fine in phpymyadmin.
    		echo"<tr><td class=tdBottom><b>Act</b></td><td class=tdBottom><b>Category</b></td></tr>";
		while($row=mysql_fetch_array($result, MYSQL_ASSOC)){
			echo"<tr><td colspan=3>&nbsp;</td></tr>";
			echo"<tr><td width=160>" . "<a href=acts.php?aid=" . $row['act_id'] . ">" . $row['act_name'] . "</a></td><td>" . $row['act_category'] . "</td></tR>";
			echo"<tr><td class=tdBottom colspan=3>&nbsp;</td></tr>";
		}


  • Options
    #4
    Webmonkey
    Registered Users Posts: 9,579 ✭✭✭Webmonkey


    By any chance you using the $result sql query before you get. You may have used it somewhere making the result forward one row. Try placing this before the while loop:

    [php]mysql_data_seek($result, 0);[/php]

    Edit:

    actually try this:
    just a little different looking.
    [php]

    mysql_data_seek($result, 0);
    $row = mysql_fetch_assoc($result);

    do
    {

    echo"<tr><td colspan=3> </td></tr>";
    echo"<tr><td width=160>" . "<a href=acts.php?aid=" . $row . ">" . $row . "</a></td><td>" . $row . "</td></tR>";
    echo"<tr><td class=tdBottom colspan=3> </td></tr>";

    } while($row=mysql_fetch_assoc($result));
    [/php]


  • Options
    #5
    wheres me jumpa
    Registered Users Posts: 4,478 ✭✭✭wheres me jumpa


    Webmonkey wrote:
    By any chance you using the $result sql query before you get. You may have used it somewhere making the result forward one row. Try placing this before the while loop:

    Excellent Monkey, thanks, I was actually using $result beforehand.


Advertisement