On 2003-06-13 14:15-0400, Pushpinder Singh Garcha wrote:
I am trying to execute a simple query using $_POST variables, so
that variable poisoning is not possible. note: I have register_globals
ON on my site. I am getting the error shown below . Please advise ...
as I can't seem to
[snip]
$sql1 = INSERT INTO `contacts`
VALUES (
$_POST['company'],
$_POST['pri_name'],
$_POST['sec_name'],
$_POST['assistant_1'],
On Friday, June 13, 2003, at 02:22 PM, Zak Johnson wrote:
$_POST variables are still subject to poisoning; in your case, SQL
injection.
How is variable poisoning possible when using $_POST ?? I always felt
that the php compiler should check to see if the variable was part of
the POST Global
On 2003-06-13 14:42-0400, Pushpinder Singh Garcha wrote:
How is variable poisoning possible when using $_POST ?? I always felt
that the php compiler should check to see if the variable was part of
the POST Global array. At least this is is what I thought about the
$_POST global array.
It
4 matches
Mail list logo