The Practicality of OO PHP
There are some key security flaws in the database example used here; unless you take some strong precautions, you'll be in a lot of trouble.
The example doesn't specifically have a connection function (it might have been left out for simplicity), but the reader might assume that it's OK to put the mysql_connect method and all the password/login details in DataExtraction() (or in __construct() for PHP 5). This is terrible because, assuming a common setup, I can simply
and then call your function. Even worse, I can now execute any SQL command I want, given the nature of mysql_query.
There are some things that you can do to prevent this from happening, like:
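The pattern the comment above warns about (connection credentials hard-coded into the class, and a method that hands caller-supplied SQL straight to the query function), shown beside one hardened shape. This is an added example, not code from the article or from the commenter. It assumes things the page does not state: a table `users(id, email)`, a config file at `/etc/myapp/db.ini` kept outside the web root, placeholder credentials, and PHP 7 or later with the PDO extension. PDO with prepared statements is used in the hardened version in place of the article's `mysql_query`, which no longer exists in PHP 7+.

```php
<?php
// Added example, not code from the article or the comment above.
// Assumptions (not from the page): a table users(id, email), a config file
// /etc/myapp/db.ini outside the web root, placeholder credentials, and
// PHP >= 7 with the PDO extension (mysql_connect/mysql_query were removed
// in PHP 7; the risky version below uses mysqli for the same shape).

// --- The risky shape: anyone who can include this file can run any SQL ---
class DataExtractionRisky
{
    private $link;

    public function __construct()
    {
        // Credentials baked into the class source, as the comment describes.
        // 'hunter2' is a placeholder, not a real credential.
        $this->link = mysqli_connect('localhost', 'webapp', 'hunter2', 'app');
    }

    // A raw query method: whatever string the caller passes is executed,
    // so including this file is as good as holding the database login.
    public function query($sql)
    {
        return mysqli_query($this->link, $sql);
    }
}

// --- A hardened shape ---
final class DataExtraction
{
    private $pdo;

    public function __construct(string $configPath = '/etc/myapp/db.ini')
    {
        // Credentials live in a file outside the web root, readable only by
        // the web server user; the class source never carries them.
        $cfg = parse_ini_file($configPath, false, INI_SCANNER_RAW);
        if ($cfg === false || !isset($cfg['dsn'], $cfg['user'], $cfg['pass'])) {
            throw new RuntimeException('database configuration missing');
        }
        $this->pdo = new PDO($cfg['dsn'], $cfg['user'], $cfg['pass'], [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
        ]);
    }

    // No "run this SQL" method is exposed. Each operation is a fixed statement
    // with bound parameters: a caller controls values, never the query text.
    public function emailForUser(int $id): ?string
    {
        $stmt = $this->pdo->prepare('SELECT email FROM users WHERE id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row['email'];
    }
}

// Usage with a constructed input (an id taken from the request, cast to int):
// $db = new DataExtraction();
// echo $db->emailForUser((int) ($_GET['id'] ?? 0));
```

The config file that the hardened class reads would contain only three keys (`dsn`, `user`, `pass`) and should sit outside the document root with permissions that exclude every account other than the web server's, so that including the class file gives an attacker a typed query method but never the login or free-form SQL.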
2005-08-11 01:06:17 polarizer
2005-08-11 01:05:41 polarizer
2005-08-02 13:28:43 mr_peanut