php - Does naming your form fields the same as mysql actually pose any security risk?
Is there any reason why you should name your form fields as HTML fields or not?
<input type="text" name="my_field_1" id="my_field_1" /> -> Mysql line my_field_1
or
<input type="text" name="myField1" id="myField1" /> -> Mysql row my_field_1
The only thing I can think of is probably naming conventions for HTML versus MySQL (personal preference), as well as prevention of minor injections (obviously the field names would have to be changed much more ... but all the values must be validated beforehand anyway, plus use the real escape strings).
The only way I can see that it can cause a problem is when the attacker identifies the name of a protected column in a common table that should not be changed through the form, and adds a new input element with that name, "slipping" it illegally into the table.
This is something that your program should filter out in any case, so there is no problem in naming your form fields after your actual columns. You just need to take care not to loop through every available table column or form field, but to select the ones that are being updated.
A secondary, very minimal risk is exposing the column names of your table, so if you are overly concerned about security, then you may want to give the form fields different names than their columns. But I cannot see any real need for it.
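The filtering described in the answer above, as an added example that is not part of the original question or answer: an UPDATE built by looping over the request, next to one built by looping over an allow-list of editable fields. The `users` table, the `is_admin` column, the form field names and both function names are hypothetical.

```php
<?php
// Added example; table, column and form-field names are hypothetical.

// Allow-list: form field name => column this form may update.
// Form names may match the column (display_name) or differ (userEmail).
const EDITABLE = [
    'display_name' => 'display_name',
    'userEmail'    => 'email',
];

// Risky: loops over the request, so any submitted name becomes a column.
function buildUpdateUnfiltered(array $post, int $id): array
{
    $set = [];
    $params = [];
    foreach ($post as $field => $value) {
        $set[] = "$field = ?";      // request-supplied name lands in SQL text
        $params[] = $value;
    }
    $params[] = $id;
    return ['UPDATE users SET ' . implode(', ', $set) . ' WHERE id = ?', $params];
}

// Safer: loops over the allow-list and picks only those fields from the request.
function buildUpdateFiltered(array $post, int $id): array
{
    $set = [];
    $params = [];
    foreach (EDITABLE as $field => $column) {
        if (isset($post[$field]) && is_string($post[$field])) {
            $set[] = "$column = ?"; // column text comes only from the constant
            $params[] = $post[$field];
        }
    }
    if ($set === []) {
        throw new InvalidArgumentException('no editable fields submitted');
    }
    $params[] = $id;
    return ['UPDATE users SET ' . implode(', ', $set) . ' WHERE id = ?', $params];
}

// Constructed request: is_admin was added by editing the form in the browser.
$post = ['display_name' => 'Alice', 'userEmail' => 'alice@example.test', 'is_admin' => '1'];

[$sql] = buildUpdateUnfiltered($post, 7);
echo $sql, PHP_EOL;
[$sql] = buildUpdateFiltered($post, 7);
echo $sql, PHP_EOL;
```

Each function returns the SQL text and its bound values as a pair intended for a prepared statement, so the values never enter the SQL string; only the column list differs between the two.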