Quote:
|
Originally Posted by Mike
Good job, a few things:
- Uggghhh, the window extension slow thinger. Please, get rid of it.
- Why are you sending a GET command when you send the data to the webserver? Semantically, you should use POST.
- Why the web-browser component? I'd recommend inet, but WinSock is always fun to learn.
- Your online script is way susceptible to SQL injection. I tried a few things, and couldn't determine any table/field names (my SQL is a tad rusty) but was able to input commands of my own (just couldn't do anything without table/field names).
Otherwise, good job. Looks like a fun little script.
|
Still new to programming and everything with SQL, I'd appreciate anything to make it more secure.
I don't use any GET or POST that I know of. It just sends via the address.
The reason I created it was because a friend on another board found the exact same thing, but the site was charging 5 bucks a month.
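The SQL injection point raised in the quoted review, as an added example that is not part of the original posts or the poster's script: data "sent via the address" arrives as a GET query string, and the sketch below stores it once by pasting it into the SQL text and once through validation plus placeholders. It assumes Python with sqlite3 standing in for the unknown server language and database; the `entries` table, the `name` and `score` fields, the URLs and all function names are hypothetical.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

def new_db():
    # Hypothetical schema; the thread never shows the real tables.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE entries (name TEXT NOT NULL, score INTEGER NOT NULL)")
    return conn

def fields(url):
    # Data "sent via the address" is a GET query string.
    q = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return q.get("name", [""])[0], q.get("score", [""])[0]

def save_vulnerable(conn, url):
    # The pattern the review describes: input pasted into the SQL text.
    name, score = fields(url)
    conn.execute(f"INSERT INTO entries (name, score) VALUES ('{name}', {score})")

def save_parameterized(conn, url):
    name, score = fields(url)
    # Validate type and size before touching the database.
    if not 1 <= len(name) <= 32:
        raise ValueError("rejected name")
    if not (score.isascii() and score.isdigit() and len(score) <= 6):
        raise ValueError("rejected score")
    # Placeholders keep the values out of the SQL grammar entirely.
    conn.execute("INSERT INTO entries (name, score) VALUES (?, ?)", (name, int(score)))

def rows(conn):
    return conn.execute("SELECT name, score FROM entries").fetchall()

# Constructed requests (not from the thread).
ORDINARY = "http://example.test/save?name=O%27Brien&score=10"
TAMPERED = "http://example.test/save?name=x%27%2C+999%29+--&score=1"

if __name__ == "__main__":
    for label, save in (("vulnerable", save_vulnerable), ("parameterized", save_parameterized)):
        conn = new_db()
        for url in (ORDINARY, TAMPERED):
            try:
                save(conn, url)
            except (sqlite3.Error, ValueError) as exc:
                print(label, "error:", exc)
        print(label, rows(conn))
```

In the concatenated version an ordinary apostrophe in a name breaks the statement and the constructed second request overrides the submitted score; with placeholders both names are stored as plain text.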