Geoff Cox wrote:
> Hello,
>
> I have a site with 7 pages, on each of which users answer 4 questions.
> The answers are submitted using AJAX and the php code below into a
> MySQL database.
>
> There is a possibility that the site may get mentioned on the radio
> which could result in a high number of users accessing the site in a
> short period of time.
>
> Are there any precautions I need to take re the adding of the data
> to the database? Is the code below adequate?
>
> Thanks
>
> Geoff
>
> @require(dirname(__FILE__) . '/../../../config/config.php');
>
> $result1 = $_GET['answer1'];
> $result2 = $_GET['answer2'];
> $result3 = $_GET['answer3'];
> $result4 = $_GET['answer4'];
>
> mysql_connect($conf['sql']['host'], $conf['sql']['user'],
> $conf['sql']['pass']) or die(mysql_error());
> mysql_select_db($conf['sql']['db']) or die(mysql_error());
>
> mysql_query("INSERT INTO mytable (answer1,answer2,answer3,answer4)
> VALUES ('$result1','$result2','$result3','$result4')");
>
Impossible to tell from what you have. But it looks like you have done
absolutely no validation of the input data. The result can be a
complete destruction of your database - or worse. Google for "SQL
injection".
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
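
Added example, not part of either post: the insert from the question rewritten so that input is validated and then passed as bound parameters instead of being interpolated into the SQL string. It assumes each answer is one of a fixed set of choices (`ALLOWED` is hypothetical) and uses PDO with an in-memory SQLite database standing in for MySQL so it runs offline.

```php
<?php
// Added example, not the poster's code. Assumptions: each answer is one of
// a fixed set of choices (ALLOWED), and an in-memory SQLite database stands
// in for MySQL so the script runs offline.
const ALLOWED = ['a', 'b', 'c', 'd'];   // hypothetical answer choices

/** Return the four validated answers, or null if any is missing or invalid. */
function validate_answers(array $input): ?array
{
    $answers = [];
    foreach (['answer1', 'answer2', 'answer3', 'answer4'] as $key) {
        $value = $input[$key] ?? null;
        if (!is_string($value) || !in_array($value, ALLOWED, true)) {
            return null;
        }
        $answers[] = $value;
    }
    return $answers;
}

/** Insert one row using bound parameters; values never become SQL text. */
function save_answers(PDO $db, array $answers): void
{
    $stmt = $db->prepare(
        'INSERT INTO mytable (answer1, answer2, answer3, answer4)
         VALUES (?, ?, ?, ?)'
    );
    $stmt->execute($answers);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mytable (answer1 TEXT, answer2 TEXT, answer3 TEXT, answer4 TEXT)');

// Constructed sample requests: one well-formed, one carrying a quote character.
$requests = [
    ['answer1' => 'a', 'answer2' => 'c', 'answer3' => 'b', 'answer4' => 'd'],
    ['answer1' => "a'", 'answer2' => 'c', 'answer3' => 'b', 'answer4' => 'd'],
];
foreach ($requests as $request) {
    $answers = validate_answers($request);
    if ($answers === null) {
        echo "rejected\n";      // in a real handler: respond with HTTP 400
        continue;
    }
    save_answers($db, $answers);
    echo "stored\n";
}
echo $db->query('SELECT COUNT(*) FROM mytable')->fetchColumn(), " row(s)\n";
```

For free-text answers the allow-list would be replaced by length and type checks, while the bound parameters stay the same.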