php-general Digest 25 May 2011 14:38:59 -0000 Issue 7328

2011-05-25 Thread php-general-digest-help
php-general Digest 25 May 2011 14:38:59 - Issue 7328 Topics (messages 313137 through 313152): simple question abt convert to integer 313137 by: Negin Nickparsa 313138 by: Bálint Horváth 313139 by: Negin Nickparsa 313140 by: Negin Nickparsa 313141 by:

Re: [PHP] simple question abt convert to integer

2011-05-25 Thread Vitalii Demianets
On Wednesday 25 May 2011 07:05:18 Negin Nickparsa wrote: my code is this: $query1="select * from patient where id=".$_POST['txt']; it works but Holy Jesus! Can't wait to send to your server POST request with txt=1;DROP DATABASE; -- Of course, if you'll switch to prepare statement instead of

Re: [PHP] simple question abt convert to integer

2011-05-25 Thread Bálint Horváth
Of course have to use filters and etc... Bálint Horváth On 25 May 2011 09:53, Vitalii Demianets vi...@nppfactor.kiev.ua wrote: On Wednesday 25 May 2011 07:05:18 Negin Nickparsa wrote: my code is this: $query1="select * from patient where id=".$_POST['txt']; it works but Holy Jesus! Can't

Re: [PHP] simple question abt convert to integer

2011-05-25 Thread Ashley Sheridan
Vitalii Demianets vi...@nppfactor.kiev.ua wrote: On Wednesday 25 May 2011 07:05:18 Negin Nickparsa wrote: my code is this: $query1="select * from patient where id=".$_POST['txt']; it works but Holy Jesus! Can't wait to send to your server POST request with txt=1;DROP DATABASE; -- Of course, if

Re: [PHP] simple question abt convert to integer

2011-05-25 Thread Andre Polykanine
Hello Negin, $query1="select * from patient where id=".$_POST['txt']; $result1=mysql_query($query1); $rows=mysql_num_rows($result1); Note: you *didn't* execute the query by calling mysql_query on it. -- With best regards from Ukraine, Andre Skype: Francophile My blog: http://oire.org/menelion

Re: [PHP] WHERE field = a range of values (value

2011-05-25 Thread Paul S
On Tue, 24 May 2011 23:47:47 +0700, Paul S pau...@roadrunner.com wrote: On Tue, 24 May 2011 21:09:34 +0700, Richard S. Crawford rscrawf...@mossroot.com wrote: On Tue, May 24, 2011 at 6:51 AM, Paul S pau...@roadrunner.com wrote: I'd like to check a table to retrieve rows for which one field

[PHP] How can a UTF-8 string can be converted to an array of Bytes?

2011-05-25 Thread Eli Orr (Office)
Hi, Since UTF-8 is a multi-byte mechanism, I get a single character for a 2 or 3 byte UTF-8 encoded character. How can it be broken into the REAL bytes array that represents the UTF-8 string, and how can we reassemble the bytes array back to UTF-8? -- Best Regards, *Eli Orr* CTO

Re: [PHP] simple question abt convert to integer

2011-05-25 Thread Negin Nickparsa
Tnx to all:D Paul you are absolutely right:D it was a bad mistake from me there was no need 2 convert it Balint helped me n with mysql_error i found that my code hasn't any mistake i just forgot the BIG thing! selecting db:D i totally forgot it because i had array keys with if statement n in there

Re: [PHP] How can a UTF-8 string can be converted to an array of Bytes?

2011-05-25 Thread Eric Butera
On Wed, May 25, 2011 at 8:15 AM, Eli Orr (Office) eli@logodial.com wrote: Hi, Since UTF-8 is a multi-byte mechanism, I get a single character for a 2 or 3 byte UTF-8 encoded character. How can it be broken into the REAL bytes array that represents the UTF-8 string, and how can we

Re: [PHP] simple question abt convert to integer

2011-05-25 Thread Bálint Horváth
The problem is that if you set the post directly to the query it's available to be an attack code in the field... (eg. DROP DATABASE;) it's called SQL injection... what I mean by filtering: always check the values in query eg.: $id = $_POST['id']; if(is_numeric($id)){...}else{bad post} and at

Re: [PHP] simple question abt convert to integer

2011-05-25 Thread Negin Nickparsa
i got it tnx Balint