[PHP] odbc_execute

2007-01-16 Thread ANZOLA Silvio
Hi; I'm a newbie in PHP. I have to read data from an AS400 system; I use an ODBC connection and I have to read data from a table with This is the SQL Statement $query_stm = SELECT * . FROM cordo.plavt . where atcdim = ? . and atdtvf = 999; This is the prepare

Re: [PHP] odbc_execute

2007-01-16 Thread Chris
ANZOLA Silvio wrote: Hi; I'm a newbie in PHP. I have to read data from an AS400 system; I use an ODBC connection and I have to read data from a table with This is the SQL Statement $query_stm = SELECT * . FROM cordo.plavt . where atcdim = ? . and atdtvf = 999;

Re: [PHP] ODBC_EXECUTE has a DANGEROUS 'feature'!!!

2002-02-14 Thread * RzE:
OK, I checked into this further, and I must apologize: you are correct. I suspect that most of us didn't remember that this feature even existed... You don't have to apologize. And indeed... I don't get the idea that many people know about this. Besides you and maybe one or two others I

Re: [PHP] ODBC_EXECUTE has a DANGEROUS 'feature'!!!

2002-02-13 Thread Lars Torben Wilson
On Mon, 2002-02-11 at 00:21, * RzE: wrote: I understand you try to 'protect' your own product, but you have to stay a bit realistic about some things. Of course I check the input. But you know... there's absolutely nothing wrong with allowing quotes to be stored in the database. It's just

RE: [PHP] ODBC_EXECUTE has a DANGEROUS 'feature'!!!

2002-02-12 Thread Lars Torben Wilson
On Mon, 2002-02-11 at 06:46, Jerry Verhoef (UGBI) wrote: I think you all are missing the point that *RzE is making. The software you use/create should be bugfree and free from undocumented features. Otherwise security risks could occur. And of course all other In a perfect world, yes.

Re: [PHP] ODBC_EXECUTE has a DANGEROUS 'feature'!!!

2002-02-12 Thread val petruchek
) [EMAIL PROTECTED] Cc: PHP General Mailinglist [EMAIL PROTECTED] Sent: Tuesday, February 12, 2002 12:20 PM Subject: RE: [PHP] ODBC_EXECUTE has a DANGEROUS 'feature'!!! On Mon, 2002-02-11 at 06:46, Jerry Verhoef (UGBI) wrote: I think you all are missing the point that *RzE is making

Re: [PHP] ODBC_EXECUTE has a DANGEROUS 'feature'!!!

2002-02-11 Thread * RzE:
*Always* validate your data. If you validate your data and never trust anything which comes from the client side of the connection, your problem goes away. I mean, you wouldn't pass user data to exec() or fopen() without some serious checking, would you? ;) Sure, PHP could try to prevent

[PHP] ODBC_EXECUTE has a DANGEROUS 'feature'!!!

2002-02-08 Thread * RzE:
Hi folks, I don't know if everyone ever knew this, but I haven't been able to find anything about this, anywhere... odbc_execute has a very dangerous 'feature'. I would like to call it a bug, because someone has implemented it on purpose I should call it a feature... odbc_execute takes two

RE: [PHP] ODBC_EXECUTE has a DANGEROUS 'feature'!!!

2002-02-08 Thread Jerry Verhoef (UGBI)
This is what we call a BUG Report it on http://bugs.php.net thx -Original Message- From: * RzE: [mailto:[EMAIL PROTECTED]] Sent: Friday, February 08, 2002 1:44 PM To: PHP General Mailinglist Subject: [PHP] ODBC_EXECUTE has a DANGEROUS 'feature'!!! Hi folks, I don't

Re: [PHP] ODBC_EXECUTE has a DANGEROUS 'feature'!!!

2002-02-08 Thread * RzE:
Usually I would agree with you. Like I wrote in my message, I would like to call it a bug, but it was written on purpose. That would make it a feature!?! It's an if-block of app. 20 lines that makes sure this happens. Looks like someone _really_ wanted PHP to do this... This is what we call a

Re: [PHP] ODBC_EXECUTE has a DANGEROUS 'feature'!!!

2002-02-08 Thread Lars Torben Wilson
On Fri, 2002-02-08 at 04:43, * RzE: wrote: Hi folks, I don't know if everyone ever knew this, but I haven't been able to find anything about this, anywhere... odbc_execute has a very dangerous 'feature'. I would like to call it a bug, because someone has implemented it on purpose I