of thing you are vulnerable to SQL insertion attacks.
Joshua b. Jore
http://www.greentechnologist.org
On Thu, 25 Apr 2002, Maxim Maletsky (PHPBeginner.com) wrote:
-Original Message-
From: Liam Gibbs [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 25, 2002 8:20 PM
To: [EMAIL PROTECTED
. This is a more generic database issue. I
could have also written:
INSERT INTO foo (a,b) VALUES (?,?)
where again, the values are passed separately and are *not* interpolated
into the query. That's the point - not interpolating your values to
protect against insertion attack.
Joshua b. Jore
http
Oh it's probably because your numbers are being interpreted as octal.
Either use the array as '00' .. '09' or just 0 .. 9. 00 .. 09 is valid for
00 to 07 but there is no such thing as 08 and 09 in octal.
Joshua b. Jore
http
, has anyone actually done this and is
it normal?
When Parrot goes gold, is PHP likely to work with it?
Joshua b. Jore
http://www.greentechnologist.org