[PHP] Re: Is this code safe?

Hugh Bothwell Thu, 28 Mar 2002 03:52:16 -0800


"Richard Ellerbrock" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> $result=mysql_query("DELETE FROM customer
>                         WHERE customer=$cust",
> $ds) and
> $result=mysql_query("DELETE FROM custinfo
>                         WHERE customer=$cust",
> $ds) and
> $result=mysql_query("DELETE FROM revdns
>                         WHERE customer=$cust",
> $ds) and
> AuditLog($ds, sprintf(my_("User %s deleted customer cust %u"),
>          $HTTP_SERVER_VARS["PHP_AUTH_USER"], $cust));


Note: you had better do a thorough job of validating $cust, lest someone
pass something charming like

$cust = '39428 or customer > 0';

which might be enough to make your whole *week* interesting.



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Is this code safe?

Reply via email to