At 03:39 AM 12/21/2001 +0200, Bogdan Stancescu wrote:
>Hi everybody!
>Two things I consider urban myths about PHP (plus MySQL) - please let me
>know what you think of these:
>1. The evil global variables
>My question to you guys is this: does anybody know of a real example of
>reasonably careful coding led to disaster with global variables?

I personally don't, but apparently the PHP developers think it's enough of 
a risk that they've deprecated register_globals in 4.1.0...

>2. Please enter your age: 25; drop database mysql
>Does this actually work?
>So I decided I had to test this: I wrote the code exactly as in the
>example; I provided the exact dangerous input (well, to be honest, I
>tried a select instead of drop mysql). When I tried it, the presumably
>dangerous situation degraded into a trivial MySQL error. It went
>something like "You have an error near '; select 1+1'".

I've done something similar in the past just for kicks, and I got the same 
result you did (i.e. an error).  I believe this is because mysql_query() 
expects ONE query at a time and will break if you send two or more.  I 
could be completely and totally wrong about that, though (someone please 
correct me if I am)...

PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to