On Thu, 14 Aug 2003, moshe doron wrote:
>
> "Marcus Börger" <[EMAIL PROTECTED]> wrote in message
> > md> http://www.phpbuilder.com/mail/php-developer-list/2003022/0062.php
> >
> > Bullshit.
> >
> > If the cracker can change one of your sql statements he already has access to
> > your machine. In that case he wouldn't bother changing your sql statements.
> >
>
> that's the point. if the cracker can change only the end of the query, it's
> not so useful for him (he can at most get another id) but if he can chain
> a totally new query, he may or may not bother changing your sql statements....
But it's a *user* problem (the developer), not a PHP problem. PHP should
not break nice functionality in an extension (such as chaining queries)
because of people too lazy to verify user input.
Derick
--
"Interpreting what the GPL actually means is a job best left to those
that read the future by examining animal entrails."
-------------------------------------------------------------------------
Derick Rethans http://derickrethans.nl/
International PHP Magazine http://php-mag.net/
-------------------------------------------------------------------------
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php