RE: [PHP] PHP Security Leak (plaintext)

2002-04-25 Thread John Holmes
> $my_val_a = addslashes($HTTP_POST_VARS["val_a"]);
> $my_val_b = addslashes($HTTP_POST_VARS["val_b"]);
> $query = "INSERT INTO foo (a,b) VALUES ($my_val_a,$my_val_b)";
>
> Or if you have magic_quotes_gpc turned on (the default) all vars passed
> in from forms/cookies are quoted and SQL injection

RE: [PHP] PHP Security Leak (plaintext)

2002-04-25 Thread Richard Archer
At 4:00 PM -0500 25/4/02, Joshua b. Jore wrote:
>"INSERT INTO foo (a,b) VALUES (?,?)"

$my_val_a = addslashes($HTTP_POST_VARS["val_a"]);
$my_val_b = addslashes($HTTP_POST_VARS["val_b"]);
$query = "INSERT INTO foo (a,b) VALUES ($my_val_a,$my_val_b)";

Or if you have magic_quotes_gpc turned on (the

RE: [PHP] PHP Security Leak (plaintext)

2002-04-25 Thread John Holmes
> I think you misunderstood me. I already have an AuthenticateUser(TEXT,TEXT)
> function that works great. What I don't understand is how to get PHP to
> use placeholders for data binding. This is a more generic database issue. I
> could have also written:
>
> "INSERT INTO foo (a,b) VALUES (?,?)"
>

RE: [PHP] PHP Security Leak (plaintext)

2002-04-25 Thread Cal Evans
-- From: Joshua b. Jore [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 25, 2002 4:00 PM To: Maxim Maletsky (PHPBeginner.com) Cc: [EMAIL PROTECTED] Subject: RE: [PHP] PHP Security Leak (plaintext) Foo. Somehow I encrypted the last message. --[PinePGP]--

RE: [PHP] PHP Security Leak (plaintext)

2002-04-25 Thread Joshua b. Jore
gins > > > > > -Original Message- > > From: Joshua b. Jore [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, April 25, 2002 10:26 PM > > Cc: [EMAIL PROTECTED] > > Subject: RE: [PHP] PHP Security Leak > > > > This brings up another issue,

RE: [PHP] PHP Security Leak

2002-04-25 Thread Joshua b. Jore
-BEGIN PGP MESSAGE- Comment: For info see http://www.gnupg.org

RE: [PHP] PHP Security Leak

2002-04-25 Thread Maxim Maletsky (PHPBeginner.com)
IL PROTECTED] > Subject: RE: [PHP] PHP Security Leak > > This brings up another issue, how the heck do you get data binding? For > the life of me I don't see where the _query functions support SQL like: > > "SELECT AuthenticateUser(?,?)" where then the first param mi

RE: [PHP] PHP Security Leak

2002-04-25 Thread Joshua b. Jore
This brings up another issue, how the heck do you get data binding? For the life of me I don't see where the _query functions support SQL like: "SELECT AuthenticateUser(?,?)" where then the first param might be a username and the second would be a password. The idea is that without this sort of t

RE: [PHP] PHP Security Leak

2002-04-25 Thread Maxim Maletsky (PHPBeginner.com)
> -Original Message-
> From: Liam Gibbs [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 25, 2002 8:20 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] PHP Security Leak
>
> I'm wondering if anyone has any ideas on how to make a
> login site more secure. Since I'm not really sure if
> I've e