It doesn't. What you're seeing is an SQL injection attack. If you *trust* the SQL code you allow from POST or GET requests, your SQL server will be own3d in due course.

That URL actually translates to 456456456 OR 1<>2

Which is always true. So If you use this verbatim, you'll get a true result (if you were using it as part of a login process, the user would be in without providing a login and password :-p )

I always, *always* apply $result=(integer) $_GET["uid"] to these strings : That way you are guaranteed it's a number not a string.

Cheers - Neil


Message-ID: <[EMAIL PROTECTED]>
From: "Dan Bowkley" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Date: Sun, 9 May 2004 15:17:19 -0700
MIME-Version: 1.0
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DB] supernoob strikes again

I thought "4" didn't equal "456456456%20%20OR%201<>2"


========================================================
CaptionKit http://www.captionkit.com : Production tools
for accessible subtitled internet media, transcripts
and searchable video. Supports Real Player, Quicktime
and Windows Media Player.

VideoChat with friends online, get Freshly Toasted every
day at http://www.fresh-toast.net : NetMeeting solutions
for a connected world.

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Reply via email to