- Posts: 5
COMMUNITY FORUM
Please check my code
- Nairda
-
Topic Author
- Offline
- New Member
Less
More
8 years 9 months ago #156398
by Nairda
Please check my code was created by Nairda
Hello,
I'm sorry for my English. I have album=(id of article) in URL on custom php site in Joomla. Next I tried to use this code:
Is it safe? I found this on stackoverflow:
I want to get k2 item's title from url in custom php site (own gallery of photos), but I'm worry about safe. Please help. Thank you.
I'm sorry for my English. I have album=(id of article) in URL on custom php site in Joomla. Next I tried to use this code:
<?php
$id = $_GET['album'];
$db = JFactory::getDBO();
$query = "SELECT * FROM #__k2_items WHERE id=$id AND published=1";
$db->setQuery($query);
$rows = $db->loadObjectList();
?>
<?php foreach($rows as $row): ?><?php echo $row->title; ?><?php endforeach; ?>Is it safe? I found this on stackoverflow:
P.S: Also remember - never do like this: $results = mysql_query("SELECT * FROM next WHERE id=$id"); it may cause MySQL Injection and your database can be hacked.
Try to use:
$results = mysql_query("SELECT * FROM next WHERE id='".mysql_real_escape_string($id)."'");
I want to get k2 item's title from url in custom php site (own gallery of photos), but I'm worry about safe. Please help. Thank you.
Please Log in or Create an account to join the conversation.
- Krikor Boghossian
-
- Offline
- Platinum Member
Less
More
- Posts: 15920
8 years 9 months ago #156407
by Krikor Boghossian
Replied by Krikor Boghossian on topic Please check my code
The only thing i would change is put the code in an if statement.
if ($_GET).. execute the rest of the code.
The rest is pretty much standard Joomla! code.
if ($_GET).. execute the rest of the code.
The rest is pretty much standard Joomla! code.
Please Log in or Create an account to join the conversation.
- Mohamed Abdelaziz
-
- Offline
- Platinum Member
- Joomla Developer
8 years 9 months ago #156419
by Mohamed Abdelaziz
Multiple Extra Fields Groups for K2
AutoMeta for K2
Chained Fields for K2
More K2 Extensions In My Extensions Store
Replied by Mohamed Abdelaziz on topic Please check my code
Hi Nairda,
The first point of the Secure coding guidelines of Joomla is to use JInput when you want to get data from the request, so it is recommended to useInstead of
Specially if you are working on Joomla 3+
The first point of the Secure coding guidelines of Joomla is to use JInput when you want to get data from the request, so it is recommended to use
$id = JFactory::getApplication->input->getInt( 'album');$id = $_GET['album'];Specially if you are working on Joomla 3+
Multiple Extra Fields Groups for K2
AutoMeta for K2
Chained Fields for K2
More K2 Extensions In My Extensions Store
Please Log in or Create an account to join the conversation.
- Nairda
-
- Offline
- New Member
Less
More
- Posts: 5
8 years 9 months ago #156452
by Nairda
Replied by Nairda on topic Please check my code
Hi,
thank you for your answers :)
@Krikor
all the code now looks like this:
is this correct?
@Mohamed Abdelaziz
after change to your line, i have blank page and info: "syntax error, unexpected '->' (T_OBJECT_OPERATOR)" :(
thank you for your answers :)
@Krikor
all the code now looks like this:
<?php
if ($_GET) {
$id = $_GET['album'];
$db = JFactory::getDBO();
$query = "SELECT * FROM #__k2_items WHERE id=$id AND published=1";
$db->setQuery($query);
$rows = $db->loadObjectList();
<?php foreach($rows as $row): ?><?php echo $row->title; ?><?php endforeach; ?>
}
?>is this correct?
@Mohamed Abdelaziz
after change to your line, i have blank page and info: "syntax error, unexpected '->' (T_OBJECT_OPERATOR)" :(
Please Log in or Create an account to join the conversation.
- Krikor Boghossian
-
- Offline
- Platinum Member
Less
More
- Posts: 15920
8 years 9 months ago #156456
by Krikor Boghossian
Replied by Krikor Boghossian on topic Please check my code
Can you share the exact code which generates the error?
Please Log in or Create an account to join the conversation.
- Mohamed Abdelaziz
-
- Offline
- Platinum Member
- Joomla Developer
8 years 9 months ago #156457
by Mohamed Abdelaziz
Multiple Extra Fields Groups for K2
AutoMeta for K2
Chained Fields for K2
More K2 Extensions In My Extensions Store
Replied by Mohamed Abdelaziz on topic Please check my code
Ok, what is your PHP and Joomla version?
You can try this:
You can try this:
$app = JFactory::getApplication();
$id = $app->input->getInt('album');Multiple Extra Fields Groups for K2
AutoMeta for K2
Chained Fields for K2
More K2 Extensions In My Extensions Store
Please Log in or Create an account to join the conversation.
- Nairda
-
- Offline
- New Member
Less
More
- Posts: 5
8 years 9 months ago #156477
by Nairda
Replied by Nairda on topic Please check my code
I have Joomla 3.6.0 on PHP 7.
Mohamed, your solution is good :) Whole code after your and Krikor's changes:
I hope the code is safe now. Thank you! :)
Mohamed, your solution is good :) Whole code after your and Krikor's changes:
<?php
if ($_GET) {
$app = JFactory::getApplication();
$id = $app->input->getInt('album');
$db = JFactory::getDBO();
$query = "SELECT * FROM #__k2_items WHERE id=$id AND published=1";
$db->setQuery($query);
$rows = $db->loadObjectList();
<?php foreach($rows as $row): ?><?php echo $row->title; ?><?php endforeach; ?>
}
?>I hope the code is safe now. Thank you! :)
Please Log in or Create an account to join the conversation.
- Krikor Boghossian
-
- Offline
- Platinum Member
Less
More
- Posts: 15920
8 years 9 months ago #156484
by Krikor Boghossian
Replied by Krikor Boghossian on topic Please check my code
Looks nice.
You can also try since the code will be most likely executed if there is any $_GET value, not just the album one.
You can also try since the code will be most likely executed if there is any $_GET value, not just the album one.
if($_GET["album"] != null) {
...Please Log in or Create an account to join the conversation.