[thelist] Security issue

Michael Kimsal michael at tapinternet.com
Tue Jun 25 08:15:01 CDT 2002


N Saidova wrote:
> Guys,
>
> I just managed to "hack" into one of my older authentication scripts
> (in ASP) by typing:
> x' or 1=1 --
> in the user field.
> On the newer scripts (PHP) it didn't work.
> I guess it also depends on the way the SQL query is formulated...


probably under PHP the 'magic quotes' is on which will automatically
'escape' quotes for you.




More information about the thelist mailing list