RE: [Flashcoders] LoadVars and SQL Query issue

Sat, 02 Feb 2008 06:54:21 -0800 

Omar

This is the least of your worries .... google SQL injection attacks before you 
waste too much more development time trying to resolve this issue.

Pete


-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Omar Fouad
Sent: Sat 2/2/2008 1:07 AM
To: Flash Coders List
Subject: [Flashcoders] LoadVars and SQL Query issue
 
I am doing an application where I'm writing some classes that sends queries
to a php file by using LoadVars.send().

var toSend:LoadVars = new LoadVars();
var myQuery:String = "select * from users where Name = 'Omar Fouad' ";
toSend.query = myQuery; // traces    select * from users where Name = 'Omar
Fouad'
toSend.send("File.php", "_self", "POST");

At this phase the php files receive the query and when I echo the query
string appears:

select * from users where Name = \'Omar Fouad\'
That's is how it is sent to the server so of course it shows an SQL error
because of the backslashes. Apparently it does not recognize the "String in
the String" part of the query that is sent from Flash.

When I send a query for a Number like:

select ^ from users where id = 1

it queries the database without problems.

How can I solve this problem?

Thanks and Regards.

-- 
Omar M. Fouad - Digital Emotions
http://www.omarfouad.net

This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be copied,
disclosed to, retained or used by, any other party. If you are not an
intended recipient then please promptly delete this e-mail and any
attachment and all copies and inform the sender. Thank you.
_______________________________________________
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

_______________________________________________
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Reply via email to