PerlMonks  

Re: Re: Getting a value from a PHP script

by jens (Pilgrim)
on Sep 18, 2002 at 23:14 UTC (#199032)


in reply to Re: Getting a value from a PHP script
in thread Getting a value from a PHP script

You have an SQL injection vulnerability there.

Forgive my ignorance, but what is an "SQL injection vulnerability"?

--
Microsoft delendum est.


Re^2: Getting a value from a PHP script
by Aristotle (Chancellor) on Sep 18, 2002 at 23:27 UTC
Re: Re: Re: Getting a value from a PHP script
by thunders (Priest) on Sep 19, 2002 at 00:49 UTC

    You'll notice in the code sample I provided I threw in a question mark. That is a placeholder, a way of ensuring proper quoting with DBI. I'm not sure how PHP implements this. If someone were to spoof their REMOTE_USER string to report
     bill' OR 'cracked'='cracked

    you suddenly have a breach where all the data in that table is pulled in.
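
Added example (not part of thunders' post or the original thread's code): the same lookup run once with the value pasted into the SQL text and once bound to a DBI `?` placeholder, using the REMOTE_USER value quoted above. It assumes DBD::SQLite is installed; the `accounts` table, its columns and its rows are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: string interpolation vs. a DBI placeholder.
# Assumptions: DBD::SQLite is available; table, columns and rows are made up.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });

# Constructed sample data.
$dbh->do('CREATE TABLE accounts (username TEXT, balance INTEGER)');
my $ins = $dbh->prepare('INSERT INTO accounts (username, balance) VALUES (?, ?)');
$ins->execute(@$_) for (['bill', 100], ['alice', 250], ['carol', 75]);

# Rows returned when the value is pasted into the SQL text: the database
# parses the quotes inside the value as part of the statement.
sub rows_interpolated {
    my ($user) = @_;
    my $sql = "SELECT username, balance FROM accounts WHERE username = '$user'";
    return $dbh->selectall_arrayref($sql);
}

# Rows returned when the value is bound to a ? placeholder: the statement
# text is fixed and the value is only ever compared as data.
sub rows_placeholder {
    my ($user) = @_;
    my $sql = 'SELECT username, balance FROM accounts WHERE username = ?';
    return $dbh->selectall_arrayref($sql, undef, $user);
}

my $spoofed = "bill' OR 'cracked'='cracked";   # the value from the post above

for my $user ('bill', $spoofed) {
    printf "%-32s interpolated: %d row(s)  placeholder: %d row(s)\n",
        "[$user]",
        scalar @{ rows_interpolated($user) },
        scalar @{ rows_placeholder($user) };
}
```

With the interpolated query the spoofed value matches every row in the table; with the placeholder it is compared as a literal username and matches none.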
