begin quoting George as of Thu, Aug 23, 2007 at 09:35:23AM -0700:
[snip]
> Here is a simple function that will eliminate most SQL injection
> attacks:
>
> function filter_sql($input) {
>     $reg = "(delete)|(update)|(union)|(insert)";
>     return(eregi_replace($reg, "", $input));
> }
"Your application sucks!"
"Why?"
"Because it keeps changing my position in the employee database!"
"How's that?"
"When I try to update my employee information, as instructed, it
corrupts my position!"
"What's your position?"
"Union Representative."
"And what's the problem?"
"My business cards all say I'm a Representative. That didn't go over
well when I handed out my business cards on a trip to D.C. last week."
--
sElEcT * fRoM mYtAbLe wHeRe nAmE = "" oR 1 = 1 Or NaMe = ""
Stewart Stremler
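Added example, not part of the original thread: a Python port of the quoted filter run against an in-memory SQLite table, showing the two failures the reply jokes about (legitimate data is corrupted, and the tautology from the signature, adapted to single quotes, passes through untouched) next to a bound-parameter query. The table, column and function names other than filter_sql are assumptions, and the rows are constructed sample data.

```python
import re
import sqlite3

# Port of the quoted filter_sql(): delete four keywords, case-insensitively.
BLACKLIST = re.compile(r"(delete)|(update)|(union)|(insert)", re.IGNORECASE)


def filter_sql(value):
    return BLACKLIST.sub("", value)


def make_db():
    # Constructed sample data; schema is an assumption for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employee (name TEXT, position TEXT)")
    db.executemany(
        "INSERT INTO employee VALUES (?, ?)",
        [("alice", "Engineer"), ("bob", "Union Representative")],
    )
    return db


def lookup_concatenated(db, name):
    # Filter the input, then paste it into the statement text.
    sql = "SELECT name FROM employee WHERE name = '%s'" % filter_sql(name)
    return sorted(row[0] for row in db.execute(sql))


def lookup_bound(db, name):
    # The value is sent as a bound parameter and is never parsed as SQL,
    # so no keyword stripping is needed and stored data is left intact.
    rows = db.execute("SELECT name FROM employee WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)


if __name__ == "__main__":
    db = make_db()
    tautology = "' oR 1 = 1 Or NaMe = '"  # from the signature, single-quoted
    print(repr(filter_sql("Union Representative")))  # data corrupted
    print(filter_sql(tautology) == tautology)        # filter changes nothing
    print(lookup_concatenated(db, tautology))        # every row returned
    print(lookup_bound(db, tautology))               # no rows match
    print(lookup_bound(db, "bob"))                   # normal lookup still works
```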