What he means is: given

$query_loss = "SELECT" . " LOSS_NUM" . " FROM LOSS" . " WHERE POL_NUM = '". $_GET['submit_policy']."'";

the user can alter the URL to (and this is just to get the point across, I don't know the %chars to make it work as a real URL)

yourpage.php?submit_policy=insert into users set `username`='username', `password`='password',`admin_level`=1

Unfortunately I'm not as much of an expert on SQL injections as I should be, but I think that gets the general idea across. If you don't pasteurize that incoming $_GET statement you could be hurting when your site says 'Pwned by n4t0 h4t0rz' or some crap on it on the main page, and that would be the least of your worries. If your db carries sensitive information you could be looking at not only lost income and security expenses but also lawsuits.

On 10/3/07, Lir <[EMAIL PROTECTED]> wrote:
>
> Thanks Frank for the reply. Well this is my real code and I don't
> understand very well what you mean.
> I validate the submit_policy before sending it to MySQL but I don't know if
> it's relevant to what you said.
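Added example, not code from anyone in this thread: the concatenated query above next to a parameterised version of the same lookup, run against a constructed in-memory SQLite table so it executes offline. The alphanumeric format check is an assumption about what a policy number looks like; adjust it to the real format.

```php
<?php
// Constructed sample data: an in-memory SQLite copy of the LOSS table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE LOSS (LOSS_NUM TEXT, POL_NUM TEXT)");
$db->exec("INSERT INTO LOSS VALUES ('L1', 'POL100'), ('L2', 'POL200'), ('L3', 'POL300')");

// The pattern from the thread: untrusted input spliced into the SQL text.
// A single quote in $policy closes the string literal, and whatever follows
// is parsed as SQL rather than compared as data.
function lookup_vulnerable(PDO $db, string $policy): array {
    $query_loss = "SELECT LOSS_NUM FROM LOSS WHERE POL_NUM = '" . $policy . "'";
    return $db->query($query_loss)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened version: the value is sent as a bound parameter, so the database
// always treats it as a string to compare, never as part of the statement.
// The format check on top of that is an assumed rule (letters and digits,
// bounded length); it rejects unexpected input instead of trying to clean it.
function lookup_safe(PDO $db, string $policy): array {
    if (!ctype_alnum($policy) || strlen($policy) > 16) {
        return [];
    }
    $stmt = $db->prepare("SELECT LOSS_NUM FROM LOSS WHERE POL_NUM = ?");
    $stmt->execute([$policy]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$normal  = 'POL200';
$hostile = "x' OR '1'='1";   // constructed input carrying a closing quote

// With string concatenation the hostile value rewrites the WHERE clause
// into a tautology; with the bound parameter the whole string is compared
// against POL_NUM as data and the format check rejects it before that.
print_r(lookup_vulnerable($db, $normal));
print_r(lookup_vulnerable($db, $hostile));
print_r(lookup_safe($db, $normal));
print_r(lookup_safe($db, $hostile));
```

Run it with the PHP CLI (`php example.php`) with the pdo_sqlite extension enabled; the two lookups for the hostile value differ in exactly the way the message above warns about.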