[thelist] PHP tip
Paul Bennett
paul at teltest.com
Tue Feb 4 12:49:03 CST 2003
Rob Whitener wrote:
>Could you expand on that a little. What kind of vulnerabilities? Security
>risks or design flaws?
>
>
Basically you haven't checked the posted values for the possibility of
an injection attack into your database. So someone could write
something like:
"trevor'; drop database <whatever your databaseName is>" into a form
field, and because you haven't checked this value (i.e. used
strip_tags() or addslashes() just for *starters*) a malicious piece of
SQL could be executed and screw your database.
--
Paul Bennett
Internet Developer
Teltest Electronic Design
--------------------------
Phone : 64 4 237 0767
Web : http://www.teltest.com
Wap : http://wap.teltest.com
Email : paul at teltest.com
--------------------------
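An added example (not Paul's code or anything posted in the thread) showing the pattern he describes, the posted value pasted straight into the query text, beside the fix a PHP developer would reach for today, a PDO prepared statement. The in-memory SQLite table, the sample posted value and the `:name` parameter are constructed for this example.

```php
<?php
// Added example, not from the original post. Uses an in-memory SQLite
// database so it runs offline; table and sample input are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('trevor')");

// Constructed stand-in for $_POST['name']: the kind of value Paul warns about.
$posted = "trevor'; drop database shop";

// 1. The pattern being criticised: the form value is interpolated into SQL.
//    The single quote inside $posted closes the string literal early, so
//    everything after it reaches the database as SQL, not as data.
//    Returned as a string here so the example does not execute it.
function buildUnsafeQuery(string $name): string
{
    return "SELECT id, name FROM users WHERE name = '$name'";
}

// 2. Hardened form: a prepared statement sends the query text and the value
//    separately, so a quote in the value can never change the statement.
//    addslashes() is the 'starter' Paul mentions; parameter binding removes
//    the need to escape by hand at all.
function findUser(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

echo "Unsafe SQL the database would receive:\n";
echo buildUnsafeQuery($posted), "\n\n";

// With binding, the hostile value is simply a name that matches nothing,
// while a normal value still matches its row.
echo "Rows for the hostile value: ", count(findUser($db, $posted)), "\n";   // 0
echo "Rows for 'trevor':          ", count(findUser($db, 'trevor')), "\n";  // 1

// The table is still there, which is the whole point of the fix.
$count = $db->query('SELECT COUNT(*) FROM users')->fetchColumn();
echo "Rows still in users table:  ", $count, "\n";                           // 2
```

Run with `php example.php`; the pdo_sqlite extension is enabled in most stock PHP builds.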