Re: [PHP] SQL Injection/Data Balidation

Fri, 16 Aug 2002 11:58:26 -0700 

I didn't see that, what a waste of paper....

Randy
----- Original Message -----
From: "Edwin @" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, August 16, 2002 1:14 PM
Subject: Re: [PHP] SQL Injection/Data Balidation


> Yeah, I'm scared...
>
> Please excuse me but may I say that it seems like you've sent some wrong
> info to the wrong mailing list?
>
> I use PHP NOT ASP, I use MySQL or PostgreSQL or Oracle but NOT M$ SQL
> Server. And IIS? Of course, some people use it (perhaps) because of some
> unavoidable circumstances but I don't--I use Apache NOT IIS.
>
> Of course, there's nothing bad about being cautious... However, please
send
> some links (or documents) that are more relevant...
>
> Thanks anyway, now *I* have something to scare my friends... ;)
>
> - E
>
> >
> >Please CC me as I'm on digest:
> >------------------------------
> >
> >Are there any libraries for data validation available? If one reads
> >papers like these:
> >
> > http://www.nextgenss.com/papers/advanced_sql_injection.pdf
> > http://www.nextgenss.com/papers/more_advanced_sql_injection.pdf
> >
> >It becomes apparent that sites using databases are incredibly open to
> >attack because of the ingenuity of the attackers. I think there should
> >be a PHPGuardLib or something. After reading those articles, I plan on
> >filtering ALL input for semi-cololons and 'chr(' character strings. In
> >the cases where I want to accept apostrophes, I'm going to be very
> >careful.
> >
> >Also, are there any attacks to email programs on linux that can be done
> >through input forms?
> >
> >PS, for those who think escaping user input only on apostrophes, THINK
> >AGAIN! And read the aticles above.
> >--
> >
> >If You want to buy computer parts, see the reviews at:
> >http://www.cnet.com/
> >**OR EVEN BETTER COMPILATIONS**!!
> >http://sysopt.earthweb.com/userreviews/products/
> >
> >--
> >PHP General Mailing List (http://www.php.net/)
> >To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
>
> _________________________________________________________________
> MSN Hotmail č il provider email pių grande al mondo. cosa aspetti a farti
un
> account? http://www.hotmail.it
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to