PHP

SQL Injection? What is it?

I can’t believe you don’t know what is it… But here is a simple example:

We used MySQL with PHP… In the past months we try to migrate MySQL tables to MongoDB. And yes it was not a simple method (but we did it).

Now I’ll tell you a simple source of bugs because i have too much fun with this. We have a users table with some fields for example member_type (int). The types already migrated to MongoDB. We fetch the user and we make a query with member_type value but it doesn’t work for us. Why?

PHP has two methods which should work the same way. The and operator and the &&operator. But if you do not pay attention your program will be broken.

Why not? Let’s try ;)

I need some constants for GalleryTypes: