PerlMonks  

Re: Re: Getting a value from a PHP script

by jens (Pilgrim)
on Sep 18, 2002 at 23:14 UTC


in reply to Re: Getting a value from a PHP script
in thread Getting a value from a PHP script

You have an SQL injection vulnerability there.

Forgive my ignorance, but what is an "SQL injection vulnerability"?

--
Microsoft delendum est.
Re^2: Getting a value from a PHP script
by Aristotle (Chancellor) on Sep 18, 2002 at 23:27 UTC
Re: Re: Re: Getting a value from a PHP script
by thunders (Priest) on Sep 19, 2002 at 00:49 UTC

    You'll notice in the code sample I provided I threw in a question mark. That is a placeholder, a way of ensuring proper quoting with DBI. I'm not sure how PHP implements this. If someone were to spoof their REMOTE_USER string to report
     bill' OR 'cracked'='cracked

    you suddenly have a breach where all the data in that table is pulled in.
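
The difference between interpolating the value and binding it through a DBI placeholder, as an added example that is not part of the original thread. It assumes DBD::SQLite is installed; the `accounts` table, its rows and the function names are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; an in-memory database keeps this offline.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });

# Constructed sample table and rows (hypothetical names).
$dbh->do('CREATE TABLE accounts (username TEXT, balance INTEGER)');
my $ins = $dbh->prepare('INSERT INTO accounts (username, balance) VALUES (?, ?)');
$ins->execute(@$_) for (['bill', 100], ['alice', 250], ['carol', 75]);

# The value from the post: what a spoofed REMOTE_USER could report.
my $remote_user = q{bill' OR 'cracked'='cracked};

# Vulnerable form: the value is interpolated into the SQL text, so its quote
# characters close the string literal and the OR clause becomes part of the query.
sub rows_interpolated {
    my ($user) = @_;
    my $sql = "SELECT username, balance FROM accounts WHERE username = '$user'";
    return $dbh->selectall_arrayref($sql);
}

# Placeholder form: the question mark marks where a value goes, and DBI hands
# the value to the driver as data, so it is only ever compared to the column.
sub rows_placeholder {
    my ($user) = @_;
    my $sql = 'SELECT username, balance FROM accounts WHERE username = ?';
    return $dbh->selectall_arrayref($sql, undef, $user);
}

printf "interpolated, spoofed value: %d row(s)\n",
    scalar @{ rows_interpolated($remote_user) };
printf "placeholder, spoofed value:  %d row(s)\n",
    scalar @{ rows_placeholder($remote_user) };
printf "placeholder, plain 'bill':   %d row(s)\n",
    scalar @{ rows_placeholder('bill') };

$dbh->disconnect;
```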
