'Nother PHP/MYSQL Question

Discussion in 'OT Technology' started by k2737, Jan 12, 2006.

  1. k2737

    k2737 Active Member

    So I got my little file hosting site to operate as desired and now I am wondering if I have to do anything to protect against two users opening the database at the same time or anything like that. I understand the odds of someone doing it are slim but I want to be sure. In the code whenever a database is opened it is closed right after the query returns the info. Are there any safeguards to protect against getting an error or something? I have been trying to get it to hiccup for a while and haven't but I imagine it could. I am already checking to make sure a file exists before deleting/downloading and stuff like that in case another user (logged in as the same name) deletes the file right before another tries to download it.

    You guys are awesome btw, :bowdown:
     
  2. critter783

    critter783 OT Supporter

    MySQL will take care of concurrent users hitting the database, so you don't have anything to worry about there. Just make sure you are building your queries with parameters instead of by concatenating strings, or else you leave yourself open to what is called SQL injection, and that is really the most dangerous vulnerability for someone in your situation.
     
  3. k2737

    k2737 Active Member

    So am I safe by having my sql query set to a variable then inserting the variable into the mysql_query() function?
     
  4. kingtoad

    kingtoad OT Supporter

    As long as that variable isn't alterable by the user in any way, you should be fine.
     
  5. k2737

    k2737 Active Member

    I am pretty sure they can't but I will go through all my code to make sure, thanks!
     
  6. kingtoad

    kingtoad OT Supporter

    You never know. :run:

    (Briefly recalls security professor poorly coding his exam software)
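
Added example (not code from any poster in this thread): the advice above about parameters versus string concatenation, and the follow-up about putting the query in a variable, shown in PHP with PDO prepared statements. The `files` table, its rows and the function names are constructed for illustration, and an in-memory SQLite database (requires the pdo_sqlite extension) stands in for MySQL so the script runs offline; `prepare()` and `execute()` are called the same way with PDO's MySQL driver.

```php
<?php
// Added example. Constructed schema and data; an in-memory SQLite database
// stands in for MySQL so the script runs offline (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE files (id INTEGER PRIMARY KEY, owner TEXT, name TEXT)');
$db->exec("INSERT INTO files (owner, name) VALUES
           ('alice', 'notes.txt'), ('alice', 'photo.jpg'), ('bob', 'taxes.pdf')");

// Before: the query is "set to a variable", but that variable is built from
// request data, so the input becomes part of the SQL text itself.
function listFilesConcat(PDO $db, string $owner): array
{
    $sql = "SELECT name FROM files WHERE owner = '$owner' ORDER BY id";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: the SQL text is a constant; the value is sent separately as a
// bound parameter and can never change the structure of the statement.
function listFilesParam(PDO $db, string $owner): array
{
    $stmt = $db->prepare('SELECT name FROM files WHERE owner = :owner ORDER BY id');
    $stmt->execute([':owner' => $owner]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal owner name, then a string containing quotes.
$inputs = ['alice', "x' OR '1'='1"];
foreach ($inputs as $owner) {
    printf("input: %s\n", $owner);
    printf("  concatenated:  [%s]\n", implode(', ', listFilesConcat($db, $owner)));
    printf("  parameterized: [%s]\n", implode(', ', listFilesParam($db, $owner)));
}
```

For the second input the concatenated query lists every user's files because the quotes rewrite the WHERE clause, while the parameterized query treats the same string as an owner name that matches nothing.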
     