
OMFGWTFBBQ! An Update!


I haven't had the time nor the motivation to work on my CMS in recent months. Today I had some time to spare so I picked it up again.

One of the parts that was holding me back before was the creation of an installation script that would get information from the user about the address of the database, its username and password, and some information to create the admin account, so today my project was to create that page.

In the process I discovered that there were some problems in my database classes. I cannot use mysql_real_escape_string() on the query as a whole - it needs to be done on individual parameters. I updated Query() and added a new function, EscapeString():


// Escapes a string to protect against SQL injection
function EscapeString($str) {
    if (!is_numeric($str))
        return mysql_real_escape_string($str, $this->link);
    else
        return $str;
}

// Performs a query
// It is assumed that the query is safe
function Query($query) {
    $result = mysql_query($query, $this->link);

    if (!$result) {
        $this->error = mysql_error();
        return false;
    } else {
        $this->error = '';
        return new QueryResult($result, $this->link);
    }
}
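
The difference between escaping a whole query and escaping individual parameters, as an added example that is not part of the original post or the CMS code. It assumes PDO with an in-memory SQLite database so it runs offline; the table, the values, and the helpers escape_like_mysql() and run() are constructed for illustration, with addslashes() standing in for mysql_real_escape_string().

```php
<?php
// Added example: constructed table and values, SQLite in memory via PDO.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (name TEXT, hash TEXT)");
$pdo->exec("INSERT INTO users VALUES ('O''Brien', 'constructed-hash')");

// Hypothetical stand-in for mysql_real_escape_string(): it backslash-escapes
// quote characters and cannot tell data quotes from SQL syntax quotes.
function escape_like_mysql($s) {
    return addslashes($s);
}

// Runs a statement and returns the first column, or the parser's complaint.
function run(PDO $pdo, $sql) {
    try {
        return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

$name = "O'Brien"; // constructed user input

// 1. Escaping the finished query: the quotes that delimit the string literal
//    are escaped along with the data, so the statement no longer parses.
$whole = escape_like_mysql("SELECT hash FROM users WHERE name = '$name'");
echo $whole, "\n";
var_dump(run($pdo, $whole));

// 2. Escaping the value on its own: PDO::quote() escapes the data and adds
//    the delimiters, so the syntax quotes stay intact.
$perValue = "SELECT hash FROM users WHERE name = " . $pdo->quote($name);
echo $perValue, "\n";
var_dump(run($pdo, $perValue));

// 3. Bound parameter: the value never becomes part of the SQL text, so no
//    escaping or quoting decision is left to the caller.
$stmt = $pdo->prepare("SELECT hash FROM users WHERE name = ?");
$stmt->execute([$name]);
var_dump($stmt->fetchAll(PDO::FETCH_COLUMN));
```

The mysql_* functions used in the post were removed in PHP 7; bound parameters through PDO or mysqli are the current replacement for per-value escaping.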



I also made some changes to the QueryResult class to prevent the warnings that come up when $result comes from a query like UPDATE or INSERT.

I fixed a bug in RegisterUser() in which I wasn't quoting the hash of the password or the join date, and sometime during my period of not posting I switched from using MD5 to hash the password to SHA1.

Here is my installation script:


<?php
/************************************************************************
*
* Title: Installation
* Author: Colin Jeanne (http://colinjeanne.net)
* Date: May 23, 2005
*
* Description:
* Gets information to access the database
* Creates cms-settings.php and tables for modules and users
*
************************************************************************/

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


