The global variable declaration can be a trap.
In some other languages, global variables are usually declared global outside the functions and then used in the functions.
In PHP, it’s the opposite: to use a global variable inside a function, declare the variable as global inside the function.
You can have three ways:
1. Changing memory_limit globally from php.ini
For ex: memory_limit = 32M
This change is global and will be used by all php scripts running on the system.
2. Changing memory_limit using .htaccess for a single folder/vhost
To do this you have to add to the respective location .htaccess something like: php_value memory_limit 64M
3. This one is my favorite
ini_set(‘memory_limit’, ‘64M’);
The advantage of this method is that you have more control and set this value just where you know it is really needed. Also it can be done without having access to the system php.ini, and will become active immediately.
SQL injection is a serious concern for webmasters, as an experienced attacker can use this hacking technique to gain access to sensitive data and/or potentially cripple your database.
In PHP the easiest way is to pass your data through the mysql_real_escape_string function. By escaping special characters on fields where the user can manipulate the database, you will avoid being vulnerable.
// This is a vulnerable query.
$query = "SELECT * FROM products WHERE name='$productname'";
mysql_query($query);
// This query is more secure
$query = sprintf("SELECT * FROM products WHERE name='%s'",
mysql_real_escape_string($productname));
mysql_query($query);
You can find the grt help on this link(For .net Programmers):
http://msdn.microsoft.com/msdnmag/issues/04/09/SQLInjection/
Recent Comments