[thelist] PHP tip

Rob Whitener rwhitener at DesignOptions.com
Tue Feb 4 12:58:02 CST 2003


Thanks for the enlightenment, I found a whitepaper on SQL injections
(http://www.spidynamics.com/papers/SQLInjectionWhitePaper.pdf) in case
anyone else needs the info.

Also, if I check everything on the client side before I submit it to my PHP
script, would that alleviate the threat of SQL injection?

-----Original Message-----
From: rudy [mailto:r937 at interlog.com]
Sent: Tuesday, February 04, 2003 1:47 PM
To: thelist at lists.evolt.org
Subject: Re: [thelist] PHP tip


> What kind of vulnerabilities? Security risks or design flaws?

perhaps both

do a google for "sql injection"

as for the design, you will surely someday have a form where one or more
fields are optional, in which case they will be empty, which will result in
your script trying to insert a zero-length string, which is not the right
value to insert into database fields that are optional (use NULL instead)


rudy
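
The two points raised in this thread, as an added example that is not code from either poster: the server-side script binds every submitted value as a query parameter, whatever checks the browser may have run, and stores an empty optional field as NULL rather than a zero-length string. The `members` table, its columns, the helper names and the sample submissions are hypothetical, and the script assumes PHP 7.1+ with the PDO SQLite driver.

```php
<?php
// Added example: table, columns and sample data are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (
    id    INTEGER PRIMARY KEY,
    name  TEXT NOT NULL,
    phone TEXT NULL
)');

/** Map a missing, non-string or blank optional form field to NULL, never ''. */
function optional_field(array $form, string $key): ?string
{
    $raw   = $form[$key] ?? null;
    $value = is_string($raw) ? trim($raw) : '';
    return $value === '' ? null : $value;
}

/** Insert one submitted form; values are bound, never concatenated into the SQL. */
function save_member(PDO $db, array $form): void
{
    $name = optional_field($form, 'name');
    if ($name === null) {
        throw new InvalidArgumentException('name is required');
    }
    $phone = optional_field($form, 'phone');

    $stmt = $db->prepare('INSERT INTO members (name, phone) VALUES (:name, :phone)');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':phone', $phone, $phone === null ? PDO::PARAM_NULL : PDO::PARAM_STR);
    $stmt->execute();
}

// Constructed submissions standing in for $_POST.
$submissions = [
    ['name' => 'Ann', 'phone' => '555-0100'],
    ['name' => 'Bob', 'phone' => ''],        // optional field left empty
    ['name' => "O'Brien"],                   // quote in the data, field absent
    ['name' => "x'); DROP TABLE members; --", 'phone' => '   '], // stored as plain text
];
foreach ($submissions as $form) {
    save_member($db, $form);
}

// All four rows are present; the last three have phone IS NULL.
$rows = $db->query('SELECT name, phone IS NULL AS phone_is_null FROM members');
foreach ($rows as $row) {
    printf("%-30s phone_is_null=%d\n", $row['name'], $row['phone_is_null']);
}
```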
