sql injection through address bar.


harmor19
11 Nov 2005, 18:37
I am reading this article on security and it mentions something about passing data through the address bar.

If I had


Code:
---------------
Code is only visible to licensed users, and only when logged into the forums.
---------------


I could pass this through the address bar


Code:
---------------
Code is only visible to licensed users, and only when logged into the forums.
---------------



I noticed that I have this in my own script


Code:
---------------
Code is only visible to licensed users, and only when logged into the forums.
---------------


So I wanted to test it but it doesn't work.


Code:
---------------
Code is only visible to licensed users, and only when logged into the forums.
---------------



Here's the article http://www.hudzilla.org/phpbook/read.php/17_1_1

I am guessing that browsers recognize the "#" character.

The Geek
11 Nov 2005, 18:39
It would only work if a variable of the same name existed, was used in a query string, and was not previously cleansed.

In a nutshell, it CAN happen - but it's rare and really only through irresponsible coding or a complete oversight.

BTW: It couldn't happen the way you are trying to do it anyway. Why exactly are you posting this anyway? This is 'hacking' fodder which kind of concerns me.
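An added example, not from the thread or any poster, written in Python with sqlite3 rather than PHP/MySQL. It shows the two points discussed above: the part of a URL after "#" is a fragment the browser never sends, so it cannot reach a server-side variable, and a value spliced into SQL text is the condition under which a query can be altered, while a parameterized query is not. The URL, table and names are constructed.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs


def make_db():
    """Constructed in-memory table standing in for a forum's user table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("alice",), ("O'Brien",)])
    return db


def query_param_from_url(url, name):
    """Return ?name=... as the server sees it.

    urlsplit() separates the fragment, mirroring the browser: nothing
    after '#' is transmitted, so it never becomes a request variable."""
    parts = urlsplit(url)
    values = parse_qs(parts.query).get(name, [])
    return values[0] if values else None


def lookup_unsafe(db, name):
    """Vulnerable pattern: the untrusted value becomes part of the SQL text,
    so a quote in the input changes the statement's grammar."""
    sql = "SELECT id FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_safe(db, name):
    """Parameterized query: the driver passes the value separately from the
    SQL text, so it is only ever compared, never parsed as SQL."""
    rows = db.execute("SELECT id FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def demo():
    db = make_db()
    url = "http://example.test/read.php?name=O'Brien#name=alice"
    name = query_param_from_url(url, "name")  # "O'Brien"; fragment dropped
    results = {"seen_by_server": name}
    try:
        results["unsafe"] = lookup_unsafe(db, name)
    except sqlite3.Error as exc:           # the stray quote breaks the statement
        results["unsafe"] = "error: " + type(exc).__name__
    results["safe"] = lookup_safe(db, name)  # finds the row as intended
    return results


if __name__ == "__main__":
    print(demo())
```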

harmor19
11 Nov 2005, 18:46
I don't plan on hacking anyone's site, I just wanted more insight about sql injection to protect myself.

The Geek
11 Nov 2005, 18:55
Here is a little information on protecting yourself from injections with vb, however it looks a bit dated (globalize isn't used as such anymore)

http://www.vbulletin.org/forum/showthread.php?t=80217&highlight=injection

HTHs

harmor19
11 Nov 2005, 20:41
Thank you.

This is offtopic
I have four buttons "up, down, right, left"
When a button is pressed it adds or subtracts from the value and re-inserts it into the database.



Code:
---------------
Code is only visible to licensed users, and only when logged into the forums.
---------------


What I'm doing is using the php image function and on that script I'm getting the vertical ($move_h) and the horizontal ($move_h) positions.
It'll place an image according to those coordinates.

So my question is if I have a lot of people playing at the same time will it bog down the server?

Marco van Herwaarden
11 Nov 2005, 20:53
Well it for sure could get wrong results (there is a little time between calculating and submitting the query). I suggest something like the following:



Code:
---------------
Code is only visible to licensed users, and only when logged into the forums.
---------------



Just typed it here, so not tested and probably made a typo somewhere, but you get the idea.

You can add the code to add to the $move array for horizontal yourself.

harmor19
11 Nov 2005, 23:39
I did the mktime on my script using my way and your way and they're both pretty much the same.

For my way I get "0.00130414962769" seconds
For your way I get "0.00123000144958" seconds
I'll use your way since it looks more complex.

I have another offtopic question

How can I pass a variable to a script without loading the script I'm sending it to?
Instead of doing this...


Code:
---------------
Code is only visible to licensed users, and only when logged into the forums.
---------------


Then on somescript.php I would use $_POST['var']
But I would like to send $_POST['var'] to somescript.php with the browser redirecting to somescript.php?
I know it sounds weird but I may have a use for it.