patternphpMinor
Inline PHP IP access log
Viewed 0 times
inlinephpaccesslog
Problem
For a website, I've got some inline PHP, posted below. It's supposed to log traffic to the website, and it does its job fine. But at the end of the day, I'm not even close to a PHP developer, and this is really just hacked together from Googling and inferring from other, more familiar languages. How can I improve this? Is using PHP in the actual file like this bad? (This is in
index.html.) Also, I don't believe I'm open to an SQL injection attack since the variables are all drawn directly from the server rather than the user, but I could be wrong.
Solution
I don't think its really SQL-injection, but
Theoretically i can add some kind of malicious domain name and affect your query. But from other hand, domain syntax is really limited. I don't think you can use it to do some serious thing.
Though i would recommend some error protection to avoid SQL-errors.
And correct mysql-escaping can never be bad ))
$hostname is not taken from server but from DNS.Theoretically i can add some kind of malicious domain name and affect your query. But from other hand, domain syntax is really limited. I don't think you can use it to do some serious thing.
Though i would recommend some error protection to avoid SQL-errors.
And correct mysql-escaping can never be bad ))
Context
StackExchange Code Review Q#47461, answer score: 6
Revisions (0)
No revisions yet.