To add the published_date column, use the connection and query code that are employed throughout the chapter, but modify the query string to create the new column:
<?php require_once('db_login.php'); //sets the values for the database connection require_once('DB.php'); //connect to the database $connection = DB::connect("mysql://$db_username:$db_password@$db_host/$db_database"); if (DB::isError($connection)){ die ("Could not connect to the database: <br />". DB::errorMessage($connection)); } //modify the table $query = "ALTER TABLE books ADD published_date date"; //check for an error $result = $connection->query($query); if (DB::isError($result)){ die("Could not query the database: <br />". $query." ".DB::errorMessage($result)); } echo "Modified successfully!"; $connection->disconnect(); ?>
Solution to Question 12-2
SQL Injection and Cross Site Scripting attacks. SQL Injection attacks attempt to insert special characters that change the meaning of an SQL query, while Cross Site Scripting attacks attempt to reveal private information from a session by inserting malicious HTML.
Solution to Question 12-3
The get_magic_quotes_gpc() function returns TRUE if magic quotes are enabled.
Solution to Question 12-4
The htmlentities() function escapes any HTML that might otherwise be exploited.
