Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit f3474e1

Browse filesBrowse files
weaverryanweaverryan
committed
Merge branch '2.0'
2 parents 0683a4b + 0dc3bd5 commit f3474e1
Copy full SHA for f3474e1

File tree

Expand file treeCollapse file tree

1 file changed

+2
-2
lines changed
Filter options
Expand file treeCollapse file tree

1 file changed

+2
-2
lines changed

‎book/from_flat_php_to_symfony2.rst

Copy file name to clipboardExpand all lines: book/from_flat_php_to_symfony2.rst
+2-2Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -263,7 +263,7 @@ an individual blog result based on a given id::
263263
{
264264
$link = open_database_connection();
265265

266-
$id = mysql_real_escape_string($id);
266+
$id = intval($id);
267267
$query = 'SELECT date, title, body FROM post WHERE id = '.$id;
268268
$result = mysql_query($query);
269269
$row = mysql_fetch_assoc($result);
@@ -308,7 +308,7 @@ this page introduces even more lingering problems that a framework can solve
308308
for you. For example, a missing or invalid ``id`` query parameter will cause
309309
the page to crash. It would be better if this caused a 404 page to be rendered,
310310
but this can't really be done easily yet. Worse, had you forgotten to clean
311-
the ``id`` parameter via the ``mysql_real_escape_string()`` function, your
311+
the ``id`` parameter via the ``intval()`` function, your
312312
entire database would be at risk for an SQL injection attack.
313313

314314
Another major problem is that each individual controller file must include

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.