Hi PHP Database gurus,

Mostly a research question. I recall (a long time ago - php3?) that
some php packages could be compromised by injecting a secondary query
though GET/POST variables when they were not properly sanitized. 

$query="select a from $b";

Inject $b="tablename; insert into a set col='c'"

Even the current PHP manual includes a fairly recent comment warning of
such attacks, though the manual clearly states that only one query can
be issued and a semicolon should not be included. My testing confirms
that the second query isn't executed.

Some web research leads me to believe this was changed, though I cannot
find when. I'm pretty certain it was there at one point, since I found
a vulnerability like this in an application I was auditing for security.

Anyone recall or know if this change occurred in a specific PHP version?
Is it reasonable to assume it will not be added back in?

James Harrell

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to