Updated 1/7/2020 at 7:45pm
Homework #11: Database Security
- Remember to follow all the standard Homework Requirements.
- This assignment will demonstrate:
  - Protecting your database from the bad guys
- Add some statements to the action code from the previous assignment, which will prevent the bad guys from putting bad stuff into your Products table.
- To be more specific, you will want to use these three strategies in your action code that adds records to your Products table: (You might already be using some of these strategies.)
  - Use sprintf() to build your query string, with place-holders and separate input values/variables.
  - Use the real_escape_string() mysqli function on your string/text input ($_POST) values.
  - Include the "Catching SQL Injection" include files in your action code for the Products table insert.
- If you use the "include" pages from the "Catching SQL Injection" section of the e-handout, please LEAVE THE E-MAIL as it is, meaning: I want to get the notification e-mails for this assignment! (You may put in your own email address if you wish, and put mine back in there when you are done testing.)
- Upload your pages to your class Web site.
- TEST your pages! Try to add some "bad" values to your Products table.
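
The first two strategies above (sprintf() place-holders and real_escape_string()), sketched as an added example that is not the course's own code. The column names, form field names and connection settings are assumptions, and the "Catching SQL Injection" include files are only marked with a comment because their file names are not given on this page.

```php
<?php
// Added example. Products columns (name, description, price, quantity),
// the matching $_POST field names and the connection settings are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function build_product_insert(mysqli $db, array $post): string
{
    // Text inputs: escape for the connection's character set, so a
    // constructed value such as O'Reilly reaches the query as O\'Reilly.
    $name = $db->real_escape_string(trim($post['name'] ?? ''));
    $desc = $db->real_escape_string(trim($post['description'] ?? ''));

    // Numeric inputs: escaping does not help an unquoted value, so
    // validate them and reject anything that is not a number.
    if (!is_numeric($post['price'] ?? null)
        || filter_var($post['quantity'] ?? null, FILTER_VALIDATE_INT) === false) {
        throw new InvalidArgumentException('price and quantity must be numeric');
    }

    // '%s' place-holders stay inside quotes; %.2F (not locale-aware) and %d
    // force the remaining values to be numbers, whatever was submitted.
    return sprintf(
        "INSERT INTO Products (name, description, price, quantity)
         VALUES ('%s', '%s', %.2F, %d)",
        $name,
        $desc,
        (float) $post['price'],
        (int) $post['quantity']
    );
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Placeholder credentials, replace with your own.
    $db = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
    // Set the charset before calling real_escape_string(), which depends on it.
    $db->set_charset('utf8mb4');
    // The "Catching SQL Injection" include files from the e-handout go here.
    try {
        $db->query(build_product_insert($db, $_POST));
        echo 'Product added.';
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo 'Invalid input.';
    }
}
```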