Because of SQL injections you should use prepared statements instead of a raw query in mysql_query("INSERT INTO upload VALUES(NULL, '$nama')"); That's just careless...
I think it's not a problem, because it's just a simple web, I still use mysql database.
Hi @lapulga,
@drookyn is right. Would you please customize your code to leave no vulnerabilities open?
By the way, can you please tell me where you got the code from, because some code snippets seem very familiar to me? Is this all your work?
@vladimir-simovic this is my work, and this code is my lecture material
Did you also, as suggested, fix the possible security issue? If not, I can't approve your contribution.
OK sir @vladimir-simovic
@vladimir-simovic thanks for the advice
Of course it's a problem! You teach outdated knowledge without telling that there's an alternative one has to use if they plan to use the "simple web".
And "mysql database" can still be used... Just have a look here.
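Added example, not part of the thread and not the tutorial author's code: the INSERT discussed above, written once with the value pasted into the SQL text and once as a PDO prepared statement. The column names (id, nama), the sample file name and the in-memory SQLite DSN are assumptions made so the script runs offline; against MySQL the same PDO calls apply with a mysql: DSN.

```php
<?php
declare(strict_types=1);

// Assumed schema: the thread only shows VALUES(NULL, '$nama'), so id/nama are guesses.
function openDatabase(): PDO
{
    // For MySQL: new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass)
    // and set PDO::ATTR_EMULATE_PREPARES to false so the server does the binding.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE upload (id INTEGER PRIMARY KEY AUTOINCREMENT, nama TEXT NOT NULL)');
    return $pdo;
}

// The pattern from the thread, ported to PDO: input becomes part of the SQL text.
function insertRaw(PDO $pdo, string $nama): void
{
    $pdo->exec("INSERT INTO upload VALUES(NULL, '$nama')");
}

// Hardened form: the SQL text is fixed and the value is sent as a bound parameter.
function insertPrepared(PDO $pdo, string $nama): int
{
    $stmt = $pdo->prepare('INSERT INTO upload (id, nama) VALUES (NULL, :nama)');
    $stmt->bindValue(':nama', $nama, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

$pdo  = openDatabase();
$nama = "O'Brien-report.pdf"; // constructed sample: an ordinary name with an apostrophe

try {
    insertRaw($pdo, $nama);
    echo "raw query: stored\n";
} catch (PDOException $e) {
    // The apostrophe closes the string literal early, so the statement no longer parses.
    echo "raw query: rejected by the database\n";
}

$id     = insertPrepared($pdo, $nama);
$lookup = $pdo->prepare('SELECT nama FROM upload WHERE id = :id');
$lookup->execute([':id' => $id]);
$stored = $lookup->fetchColumn();

echo $stored === $nama
    ? "prepared statement: stored the name unchanged\n"
    : "prepared statement: stored value differs\n";
```

The mysql_* functions used in the original snippet were removed in PHP 7.0; PDO and mysqli both talk to MySQL and both support prepared statements.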