> $my_val_a = addslashes($HTTP_POST_VARS["val_a"]);
> $my_val_b = addslashes($HTTP_POST_VARS["val_b"]);
> $query = "INSERT INTO foo (a,b) VALUES ($my_val_a,$my_val_b)";
>
> Or if you have magic_quotes_gpc turned on (the default) all vars passed
> in from forms/cookies are quoted and SQL injection
At 4:00 PM -0500 25/4/02, Joshua b. Jore wrote:
>"INSERT INTO foo (a,b) VALUES (?,?)"
$my_val_a = addslashes($HTTP_POST_VARS["val_a"]);
$my_val_b = addslashes($HTTP_POST_VARS["val_b"]);
$query = "INSERT INTO foo (a,b) VALUES ($my_val_a,$my_val_b)";
Or if you have magic_quotes_gpc turned on (the
> I think you misunderstood me. I already have a AuthenticateUser(TEXT,TEXT)
> function that works great. What I don't understand is how to get PHP to
> use place holders for data binding. This is more generic database issue. I
> could have also written:
>
> "INSERT INTO foo (a,b) VALUES (?,?)"
>
--
From: Joshua b. Jore [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 25, 2002 4:00 PM
To: Maxim Maletsky (PHPBeginner.com)
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP] PHP Security Leak (plaintext)
Foo. Somehow I encrypted the last message.
--[PinePGP]--
gins
>
>
>
> > -Original Message-
> > From: Joshua b. Jore [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, April 25, 2002 10:26 PM
> > Cc: [EMAIL PROTECTED]
> > Subject: RE: [PHP] PHP Security Leak
> >
> > This brings up another issue,
IL PROTECTED]
> Subject: RE: [PHP] PHP Security Leak
>
> This brings up another issue, how the heck do you get data binding? For
> the life of me I don't see where the _query functions support SQL like:
>
> "SELECT AuthenticateUser(?,?)" where then the first param mi
This brings up another issue, how the heck do you get data binding? For
the life of me I don't see where the _query functions support SQL like:
"SELECT AuthenticateUser(?,?)" where then the first param might be a
username and the second would be a password. The idea is that without this
sort of t
> -Original Message-
> From: Liam Gibbs [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 25, 2002 8:20 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] PHP Security Leak
>
> I'm wondering if anyone has any ideas on how to make a
> login site more secure. Since I'm not really sure if
> I've e