p30online
پنج شنبه 12 دی 1392, 13:15 عصر
دوستان این کدها امنیت داه یا نه ؟اگر خیر چرا؟
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="electronic"; // Database name
$tbl_name="vehicles"; // Table name
include('jdf.php');
$day_number = jdate('j');
$month_number = jdate('n');
$year_number = jdate('y');
$day_name = jdate('l');
$date="$year_number/$month_number/$day_number";
$username=$_POST['namekala'];
$noe=$_POST['noe'];
$dastedovom=$_POST['dastedovom'];
$foroshande=$_POST['foroshande'];
$model=$_POST['model'];
$gheymat=$_POST['gheymat'];
$phone=$_POST['phone'];
$address=$_POST['address'];
$email=$_POST['email'];
$tozihat=$_POST['tozihat'];
$username=stripslashes('namekala');
$noe=stripslashes('noe');
$dastedovom=stripslashes('dastedovom');
$foroshande=stripslashes('foroshande');
$model=stripslashes('model');
$gheymat=stripslashes('gheymat');
$phone=stripslashes('phone');
$address=stripslashes('address');
$email=stripslashes('email');
$tozihat=stripslashes('tozihat');
$username=mysql_real_escape_string('namekala');
$noe=mysql_real_escape_string('noe');
$dastedovom=mysql_real_escape_string('dastedovom') ;
$foroshande=mysql_real_escape_string('foroshande') ;
$model=mysql_real_escape_string('model');
$gheymat=mysql_real_escape_string('gheymat');
$phone=mysql_real_escape_string('phone');
$address=mysql_real_escape_string('address');
$email=mysql_real_escape_string('email');
$tozihat=mysql_real_escape_string('tozihat');
mysql_query('SET NAMES \'utf8\'');
mysql_query("INSERT INTO `ecity`.`vehicles` (`namekala`, `noe`, `dastedovom`, `foroshande`
, `model`, `gheymat`, `phone`, `address`, `email`, `tozihat`) VALUES ('$username', '$noe', '$dastedovom', '$foroshande', '$model', '$gheymat', '$phone', '$address', '$email', '$tozihat');");
header('location:admin.php');
?>
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="electronic"; // Database name
$tbl_name="vehicles"; // Table name
include('jdf.php');
$day_number = jdate('j');
$month_number = jdate('n');
$year_number = jdate('y');
$day_name = jdate('l');
$date="$year_number/$month_number/$day_number";
$username=$_POST['namekala'];
$noe=$_POST['noe'];
$dastedovom=$_POST['dastedovom'];
$foroshande=$_POST['foroshande'];
$model=$_POST['model'];
$gheymat=$_POST['gheymat'];
$phone=$_POST['phone'];
$address=$_POST['address'];
$email=$_POST['email'];
$tozihat=$_POST['tozihat'];
$username=stripslashes('namekala');
$noe=stripslashes('noe');
$dastedovom=stripslashes('dastedovom');
$foroshande=stripslashes('foroshande');
$model=stripslashes('model');
$gheymat=stripslashes('gheymat');
$phone=stripslashes('phone');
$address=stripslashes('address');
$email=stripslashes('email');
$tozihat=stripslashes('tozihat');
$username=mysql_real_escape_string('namekala');
$noe=mysql_real_escape_string('noe');
$dastedovom=mysql_real_escape_string('dastedovom') ;
$foroshande=mysql_real_escape_string('foroshande') ;
$model=mysql_real_escape_string('model');
$gheymat=mysql_real_escape_string('gheymat');
$phone=mysql_real_escape_string('phone');
$address=mysql_real_escape_string('address');
$email=mysql_real_escape_string('email');
$tozihat=mysql_real_escape_string('tozihat');
mysql_query('SET NAMES \'utf8\'');
mysql_query("INSERT INTO `ecity`.`vehicles` (`namekala`, `noe`, `dastedovom`, `foroshande`
, `model`, `gheymat`, `phone`, `address`, `email`, `tozihat`) VALUES ('$username', '$noe', '$dastedovom', '$foroshande', '$model', '$gheymat', '$phone', '$address', '$email', '$tozihat');");
header('location:admin.php');
?>