Does your form field call the same thing as mysql, really represents a security risk?

Question

Does your form field call the same thing as mysql, really represents a security risk?

Is there a reason why you should or shouldn't name the form fields exactly the same as the HTML fields?

<input type="text" name="my_field_1" id="my_field_1" /> --> mysql row my_field_1

or

<input type="text" name="myField1" id="myField1" /> --> mysql row my_field_1

The only thing I can think of is probably naming conventions for HTML and Mysql (possibly a personal preference), as well as easy injection prevention (obviously, the field name should change more ... but first all values should be checked in anyway + using a real escape line).

+5

html php mysql

jwzk Jan 23 '10 at 23:12

source share

6 answers

, , , . , , SQL , ? , TamperData, firefox, , ?

, , , , !

+2

blowdart 23 . '10 23:18

, ( ). ? , , , ;)
, , .

, , .

0

Felix Kling 23 . '10 23:16

. .

, , "", , MySQL .

0

jerebear 23 . '10 23:16

, 100% SQL. , / .

0

BalusC 23 . '10 23:30

, , , - .

- , , - , ( ).

0

MarkR 24 . '10 13:01

Pekka 웃 · Accepted Answer · 2010-01-23T23:15:11+0000

, , , , , "" .

, , . , , , .

, , . , - , , . .

Does your form field call the same thing as mysql, really represents a security risk?

More articles: