Levi Smith wrote:
You'll have to excuse my lack of knowledge; I've had no training and I've
only managed to scrounge enough off the net to get the functions done. I'm
only now starting to go through some of my code and databases and try to
apply some after-the-fact knowledge to clean things up a bit. So...
Can you help me out with what exactly "Also be aware that putting things
directly from the request parameter into a sql string is a sql injection
flaw." means?
From the sound of it, are you telling me that by asking for multiple
qualifications in the select statement I'm running what is technically an
"error", but works? Or something else entirely?
SQL Injection is a security vulnerability where users can send in SQL to
your program in place of a normal parameter, which then gets executed.
So if you had a link that looked like:
http://example.com/showItem.php?cat=widgets
I could send in SQL in place of widgets and have it be part of the SQL
that you send to the database. It is likely that I could get at any
information in your database (such as usernames and passwords) or even
insert or delete records. The solution to this is generally to make
sure that special characters (like the single quote) are properly
escaped. I'm sure PHP has built-in functions to help with this, but I'm
not sure what they are because I am not a PHP dev (mostly Java & some .Net).
Use Google to find more information. SQL Injection is the most widely
known security vulnerability for web developers, so there is a lot of
info about it available. If there is ever a place in your code
(regardless of language) where you are building up a SQL command out of
strings, you have to be careful to avoid introducing a SQL Injection flaw.
-- Rick
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
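The flaw Rick describes, worked through as an added example that is not code from this thread or from Levi's application. It uses Python with an in-memory SQLite database standing in for PHP and whatever database the original script talks to; the showItem.php?cat=widgets page, the table layout, the sample rows and the two attack payloads are all assumptions constructed for the demonstration. It shows the concatenated query, the quote-escaping fix Rick suggests, and the parameterized query, including the one case where escaping alone does not help.

```python
import sqlite3


def make_db():
    """Constructed sample data (not the poster's schema): a small catalogue
    behind a page like showItem.php?cat=widgets, plus a users table that an
    attacker would want to read."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE items (id INTEGER, name TEXT, category TEXT);
        INSERT INTO items VALUES (1, 'blue widget', 'widgets');
        INSERT INTO items VALUES (2, 'red widget',  'widgets');
        INSERT INTO items VALUES (3, 'gadget',      'gadgets');
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('admin', 's3cret');
    """)
    return conn


def items_vulnerable(conn, cat):
    """The flaw: the request parameter is pasted straight into the SQL text,
    so whatever the visitor typed becomes part of the statement."""
    sql = "SELECT name FROM items WHERE category = '" + cat + "'"
    return [row[0] for row in conn.execute(sql)]


def sql_quote(value):
    """Escaping as Rick suggests: double every single quote so the value
    cannot close the string literal it sits in. This only means anything
    when the value is placed inside quotes."""
    return value.replace("'", "''")


def items_escaped(conn, cat):
    sql = "SELECT name FROM items WHERE category = '" + sql_quote(cat) + "'"
    return [row[0] for row in conn.execute(sql)]


def item_by_id_escaped(conn, item_id):
    """Escaping does nothing here: the value is not inside quotes, so the
    attacker never needs a quote to rewrite the WHERE clause."""
    sql = "SELECT name FROM items WHERE id = " + sql_quote(item_id)
    return [row[0] for row in conn.execute(sql)]


def items_parameterized(conn, cat):
    """The robust fix: a parameterized query. The value is handed to the
    driver separately from the SQL text, so it can only ever be data."""
    rows = conn.execute("SELECT name FROM items WHERE category = ?", (cat,))
    return [row[0] for row in rows]


def item_by_id_parameterized(conn, item_id):
    rows = conn.execute("SELECT name FROM items WHERE id = ?", (item_id,))
    return [row[0] for row in rows]


# Two constructed payloads a visitor could put in place of "widgets" in the URL.
BYPASS = "widgets' OR '1'='1"  # widens the WHERE clause to every row
DUMP = "x' UNION SELECT username || ':' || password FROM users WHERE '1'='1"


if __name__ == "__main__":
    conn = make_db()
    print("normal request:      ", items_vulnerable(conn, "widgets"))
    print("bypass, concatenated:", items_vulnerable(conn, BYPASS))
    print("dump, concatenated:  ", items_vulnerable(conn, DUMP))
    print("dump, escaped:       ", items_escaped(conn, DUMP))
    print("dump, parameterized: ", items_parameterized(conn, DUMP))
    print("id, escaped:         ", item_by_id_escaped(conn, "1 OR 1=1"))
    print("id, parameterized:   ", item_by_id_parameterized(conn, "1 OR 1=1"))
```

Run as a script, the concatenated version returns every item for the bypass payload and the admin's username and password for the UNION payload; the escaped version returns nothing for either, but still returns every row when the value lands outside quotes; the parameterized version returns nothing for any of the payloads. In PHP the same two approaches exist: mysqli_real_escape_string() for escaping a value going into a quoted literal, and prepared statements (PDO or mysqli) for the parameterized form.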