Is there any way to prevent SQL attacks on `$_POST`, since it receives every kind of value: URLs, names, dates and some special characters?
I'm using the plugin x-Editable (formerly Bootstrap Editable).
    include_once("connection.php");
    try { 
        $DBH = new PDO("mysql:host=$host;dbname=$dbname", "$user", "$password");
    }catch(PDOException $e_msg) {
        echo $e_msg->getMessage();
    }
    $pk = $_POST['pk'];
    $name = $_POST['name'];
    $value = $_POST['value'];
    $sql = "UPDATE confvar1 ".
    "SET $name='$value' ".
    "WHERE vid_name_id = '$pk'";
    $STH = $DBH->exec($sql);
The page index.php sends it via POST:
    $(document).ready(function() {
        $.fn.editable.defaults.mode = 'popup';
        $('#content a').editable({
            ajaxOptions : {
                type : 'post'
            },
            url: 'post.php'
        });
    });
Any optimization is welcome.
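As an added example (not the asker's code), this is how post.php can be hardened: the column name, which cannot be bound as a parameter, is checked against a fixed allow-list, and the value and primary key are bound through a prepared statement. The table `confvar1`, the key column `vid_name_id` and the variables from connection.php are taken from the question; the other column names in the allow-list are placeholders.

```php
<?php
// Hardened post.php (added example). Assumes connection.php defines
// $host, $dbname, $user and $password as in the question.
include_once("connection.php");

// Columns that x-editable is allowed to update. Entries other than
// vid_name_id are placeholders: replace them with the real columns of
// confvar1. Identifiers cannot be bound with placeholders, so an
// allow-list is the only safe way to accept a column name from $_POST.
$allowedColumns = ['title', 'url', 'start_date'];

$pk    = $_POST['pk']    ?? '';
$name  = $_POST['name']  ?? '';
$value = $_POST['value'] ?? '';

if (!in_array($name, $allowedColumns, true)) {
    http_response_code(400);      // x-editable shows the body as an error
    exit('Unknown field');
}

try {
    $DBH = new PDO(
        "mysql:host=$host;dbname=$dbname;charset=utf8mb4",
        $user,
        $password,
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false, // server-side prepares
        ]
    );

    // $name is safe here because it matched the allow-list. $value and
    // $pk are bound, never interpolated, so quotes, semicolons or SQL
    // keywords in them are stored as plain data.
    $STH = $DBH->prepare(
        "UPDATE confvar1 SET `$name` = :value WHERE vid_name_id = :pk"
    );
    $STH->execute([':value' => $value, ':pk' => $pk]);

    if ($STH->rowCount() === 0) {
        http_response_code(404);
        exit('No row updated');
    }
} catch (PDOException $e) {
    // Keep driver details out of the HTTP response; log them instead.
    error_log($e->getMessage());
    http_response_code(500);
    exit('Database error');
}
```

With this in place, a value such as `O'Reilly` or a date with special characters is written unchanged, and a crafted `name` that is not a listed column is rejected before any query is built.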