I have a simple method of creating easy form processing I thought
I came up with the idea (I am not claiming to be the first) to have form
elements I want to update via MySQL starting with either - or +.
Example:
+name=DAN
[EMAIL PROTECTED]
-notes=
id=1
The first 2 are required and
Hello,
Are you sure you want to do something like this?
This seems like a good candidate for an SQL injection...
(Well, I'm not really sure how you're doing it so I could be wrong.)
Just wondering...
- E
Dan Tappin [EMAIL PROTECTED] wrote:
I have a simple method of creating easy form
Dan Tappin wrote:
I have a simple method of creating easy form processing I thought
I came up with the idea (I am not claiming to be the first) to have form
elements I want to update via MySQL starting with either - or +.
Example:
+name=DAN
[EMAIL PROTECTED]
-notes=
id=1
The first 2
I wrote a db class which builds my queries for me. Example snippet:
/* -- db.conf -- (table definitions) */
dbNewConn('conn', 'user:password@host');
dbNewDb('database', 'conn');
dbNewTable('my_table', 'database.table_name');
/* -- My script.php -- */
$d = array( 'name' => $_POST['name'],
John W. Holmes wrote:
I wrote a db class which builds my queries for me. Example snippet:
/* -- db.conf -- (table definitions) */
dbNewConn('conn', 'user:password@host');
dbNewDb('database', 'conn');
dbNewTable('my_table', 'database.table_name');
/* -- My script.php -- */
$d = array( 'name' =
recall correctly it either strips them
entirely or turns them into underscores.
-Samuel | http://enetwizard.net
-Original Message-
From: Dan Tappin [mailto:dan;wavefront.ca]
Sent: Sunday, October 27, 2002 2:20 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Form element names starting
Hello Edwin,
What do you mean by SQL injection...?
Thanks,
Dan
On Sunday, October 27, 2002, at 01:01 AM, @ Edwin wrote:
Hello,
Are you sure you want to do something like this?
This seems like a good candidate for an SQL injection...
(Well, I'm not really sure how you're doing it so I
On Sun, Oct 27, 2002 at 11:18:28PM -0700, Dan Tappin wrote:
What do you mean by SQL injection...?
Well, to use your example of updating a user record, what if they
added form variables?
+admin=1
+paid_until=2102
+balance=10
Of course, not all will be applicable, but
Hello Dan,
I'm sure you can google for it. Try:
sql injection
as your keyword.
You'll find many interesting articles about it.
Like this: (found at the end of results page)
http://www.webmasterbase.com/article/794
HTH,
- E
Dan Tappin [EMAIL PROTECTED] wrote:
Hello Edwin,
What do
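
An added example, not code from any of the posters: one way to process the +/- prefixed field names discussed in this thread so that extra fields such as +admin are rejected and all values are bound as parameters. The function name, table name, column allow-list and the reading of + as required and - as optional are assumptions.

```php
<?php
// Added example with hypothetical names; not code from the thread.
// Assumption: "+" marks a required field, "-" an optional one.

// Only these columns may ever be written from the form.
const EDITABLE_COLUMNS = ['name', 'email', 'notes'];

function buildUpdate(string $table, array $post): array
{
    $sets = [];
    $params = [];
    foreach ($post as $key => $value) {
        $key = (string) $key;
        if ($key === '' || ($key[0] !== '+' && $key[0] !== '-')) {
            continue; // not an update field (e.g. "id")
        }
        $column = substr($key, 1);
        // Reject anything not on the allow-list, e.g. "+admin".
        if (!in_array($column, EDITABLE_COLUMNS, true)) {
            throw new InvalidArgumentException("Field not editable: $column");
        }
        if (!is_string($value)) {
            throw new InvalidArgumentException("Bad value for: $column");
        }
        if ($key[0] === '+' && trim($value) === '') {
            throw new InvalidArgumentException("Required field empty: $column");
        }
        $sets[] = "`$column` = ?";   // column name comes from the allow-list
        $params[] = $value;          // value is bound, never concatenated
    }
    if ($sets === []) {
        throw new InvalidArgumentException('Nothing to update');
    }
    // The id still comes from the request; a real handler should check
    // that the logged-in user may edit this row.
    $params[] = (int) ($post['id'] ?? 0);
    $sql = "UPDATE `$table` SET " . implode(', ', $sets) . ' WHERE id = ?';
    return [$sql, $params]; // pass to $pdo->prepare($sql)->execute($params)
}

// Constructed sample input shaped like the form in the thread.
$form = ['+name' => 'DAN', '+email' => 'dan@example.com', '-notes' => '', 'id' => '1'];
[$sql, $params] = buildUpdate('users', $form);
echo $sql, "\n";

try {
    buildUpdate('users', $form + ['+admin' => '1']); // extra field added by the client
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```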