0

I've got this:

foreach($_POST['pos'] as $value) {
   $new_value = "UPDATE users SET regnr='" . $value . "' 
   WHERE username='" . mysql_real_escape_string($_COOKIE['username']) . "'";
}

// Connect to database
$opendb = mysql_connect($dbhost, $dbuser, $dbpass) or die("Kunde inte ansluta till MySQL:<br>" . mysql_error());
mysql_select_db($dbname) or die("Kunde inte ansluta till databasen:<br>" . mysql_error());

mysql_query($new_value) or die(mysql_error());  

// Close database
mysql_close($opendb);

Information:

$_POST['pos'] holds a value from the database in a hidden input. This value I have chosen to split with str_split($r['regnr'], 6); into a jQuery sortable list. If I type echo $value; in the foreach loop I get the new value (not split, as I want) from the jQuery sortable list. I need all values from the list, and I get them with echo. But if I use the $value variable to UPDATE the database that it came from, it just updates with the last value from the jQuery sortable list.

Can someone solve that? :D

8
  • 1
    Nice SQL injection hole. This code allows any malicious user to change anything they want in the users table, including making themselves superusers/admins. Commented Mar 15, 2013 at 16:57
  • How? This code is just an example so far. I haven't focused on securing it yet. Commented Mar 15, 2013 at 17:06
  • 2
    If the user changes the value of the cookie username, then a user could inject this value you-got-hacked'; DROP DATABASE; and poof no more database. Yes that's how serious SQL injection can get. Use the PDO library or the MySQLi library. Commented Mar 15, 2013 at 17:54
  • @Treps you don't add security later. You design something proper from the beginning. Commented Mar 15, 2013 at 19:19
  • Okay, I will look into that. But is there someone who can solve the actual question? :) Commented Mar 16, 2013 at 11:56

1 Answer

1

Here is the solution:

$str = '';

// Join every list item into one string instead of overwriting it on each pass
foreach($_POST['pos'] as $value) {
  $str .= $value;
}

// Connect to database
$opendb = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());
mysql_select_db($dbname) or die(mysql_error());

// Escape both user-controlled values; $str comes straight from $_POST
$new_value = "UPDATE users SET regnr='" . mysql_real_escape_string($str) . "' WHERE username='" . mysql_real_escape_string($_COOKIE['username']) . "'";
mysql_query($new_value) or die(mysql_error());

// Close database
mysql_close($opendb);
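
An added example, not part of the original answer: the same join-then-update done with PDO, as the comments under the question recommend, with the posted list validated and both values bound as parameters. The function name `saveRegnrOrder`, the in-memory SQLite table standing in for the MySQL `users` table, the alphanumeric chunk pattern and the sample rows are assumptions made for the example.

```php
<?php
// Added example, not code from the question or answer. Assumptions: the
// in-memory SQLite table stands in for the MySQL `users` table, list items are
// alphanumeric chunks of at most 6 characters, and all sample rows are constructed.
function saveRegnrOrder(PDO $pdo, string $username, $pos): int
{
    // The posted list is client-controlled: it may be missing, a scalar or nested.
    if (!is_array($pos) || $pos === []) {
        throw new InvalidArgumentException('pos must be a non-empty list');
    }
    $regnr = '';
    foreach ($pos as $chunk) {
        if (!is_string($chunk) || !preg_match('/\A[A-Za-z0-9]{1,6}\z/', $chunk)) {
            throw new InvalidArgumentException('unexpected list item');
        }
        $regnr .= $chunk; // join all items, as the answer does
    }
    // Bound parameters are passed as data and never parsed as SQL.
    $stmt = $pdo->prepare('UPDATE users SET regnr = :regnr WHERE username = :username');
    $stmt->execute([':regnr' => $regnr, ':username' => $username]);
    return $stmt->rowCount();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, regnr TEXT)');
$pdo->exec("INSERT INTO users VALUES ('alice', 'ABC123DEF456'), ('o''brien', 'XYZ789')");

// In a real page the username would come from server-side session state
// (assumption: $_SESSION['username']), not from a cookie the client can edit.
var_dump(saveRegnrOrder($pdo, 'alice', ['DEF456', 'ABC123'])); // reordered list
var_dump(saveRegnrOrder($pdo, "o'brien", ['XYZ789']));         // quote stays data

try {
    // A list item that does not look like a regnr chunk is refused before any SQL runs.
    saveRegnrOrder($pdo, 'alice', ["ABC'12"]);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

foreach ($pdo->query('SELECT username, regnr FROM users ORDER BY username') as $row) {
    echo $row['username'], ' => ', $row['regnr'], PHP_EOL;
}
```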