  1. #1
    New to the CF scene
    Join Date
    Apr 2008
    Thanked 0 Times in 0 Posts

    How safe is js and mysql?

    I'm intermediate with PHP, but a noob with MySQL and JavaScript.

    I want to write a voting script for the posts on my site. If users want to give the post a pat on the back, they can click a little button and up pops a messagebox that says something like, if you liked this post, click 'yes', or click 'no' to cancel.

    And then if they clicked 'yes', then into the post's column in my database goes: time of day and IP address, and the current count gets incremented by 1.

    My question: what do I need to do to protect my db from malicious users?

    Of course, I don't want anyone to be able to do anything to the db, but I also do not want a bot to come along and vote for every single post, or for a bot to vote for one post a million times. And of course, I don't want someone to manipulate the code to do or access other things inside my server.

    I'm not asking for specific bits of code, just the general concepts.


  • #2
    Regular Coder
    Join Date
    Sep 2007
    AZ, USA
    Thanked 46 Times in 46 Posts
    JS is virtually unprotectable. There are various character-encoders and compressors like this one which might put off the casual hacker, but a determined individual could get around this, i.e. by going to that website and decrypting/decompressing it.

    SQL has a bit more security. The most basic thing that you want to watch out for is SQL injection attacks, which generally occur when the hacker inputs some SQL code into a field (which would later be used in a database). I probably didn't explain that very well, but Wikipedia has a good article on the topic, or you could just Google it.
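
An added example, not part of either post: the SQL injection risk described in the reply and the repeat-vote concern from the question, shown on a PHP voting handler. The table names (`posts`, `votes`) and the functions `vote_unsafe` and `vote_safe` are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example: SQLite in memory stands in for MySQL; all names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, votes INTEGER NOT NULL DEFAULT 0)');
// One row per (post, voter IP); the UNIQUE key makes the database reject repeats.
$db->exec('CREATE TABLE votes (post_id INTEGER NOT NULL, ip TEXT NOT NULL,
           voted_at TEXT NOT NULL, UNIQUE (post_id, ip))');
$db->exec('INSERT INTO posts (id) VALUES (1), (2), (3)');

// Unsafe: the request value becomes part of the SQL text itself.
function vote_unsafe(PDO $db, string $postId): int {
    return $db->exec("UPDATE posts SET votes = votes + 1 WHERE id = $postId");
}

// Safer: validate the id, bind values as parameters, count each IP once per post.
function vote_safe(PDO $db, string $postId, string $ip): bool {
    if (!ctype_digit($postId)) {
        return false;                      // reject anything but a plain integer
    }
    $db->beginTransaction();
    try {
        $upd = $db->prepare('UPDATE posts SET votes = votes + 1 WHERE id = ?');
        $upd->execute([(int)$postId]);
        if ($upd->rowCount() !== 1) {      // no such post: record nothing
            $db->rollBack();
            return false;
        }
        $ins = $db->prepare('INSERT INTO votes (post_id, ip, voted_at) VALUES (?, ?, ?)');
        $ins->execute([(int)$postId, $ip, gmdate('c')]);
        $db->commit();
        return true;
    } catch (PDOException $e) {
        $db->rollBack();                   // a duplicate (post_id, ip) ends up here
        return false;
    }
}

$crafted = '1 OR 1=1';   // constructed input: SQL where a post id was expected
$ip = '203.0.113.7';     // constructed; a real handler would read $_SERVER['REMOTE_ADDR']

echo 'unsafe, rows changed: ', vote_unsafe($db, $crafted), "\n";
echo 'safe, crafted id accepted: ', var_export(vote_safe($db, $crafted, $ip), true), "\n";
echo 'safe, first vote on post 2: ', var_export(vote_safe($db, '2', $ip), true), "\n";
echo 'safe, repeat vote on post 2: ', var_export(vote_safe($db, '2', $ip), true), "\n";
```

The bound parameters keep request data out of the SQL text, and the UNIQUE key limits each IP address to one vote per post. It does not by itself stop a client from voting once on every post.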

