[thelist] PHP tip

Paul Bennett paul at teltest.com
Tue Feb 4 13:47:04 CST 2003


Andrew Maynes wrote:

>how would someone know what the DB name is?
>
That was simply an example of HOW an injection attack could be
performed. Think of all the possibilities for running malicious SQL code
on your database if your form values aren't checked before the query is
executed.

> A command like this would need a
>yes or a no response
>
No, it doesn't; only through the mysql command line is a y/n response
needed.

-
Paul Bennett
Internet Developer
Teltest Electronic Design
--------------------------
Phone : 64 4 237 0767
Web : http://www.teltest.com
Wap : http://wap.teltest.com
Email : paul at teltest.com
--------------------------
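
The point about checking form values before the query runs, as an added example that is not part of the original message or thread. It assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite database in place of MySQL; the table, the function names and the sample values are constructed for illustration.

```php
<?php
// Constructed sample data in an in-memory SQLite database (assumption: the
// pdo_sqlite extension is available; the thread itself concerns MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$db->exec("INSERT INTO users (name, email) VALUES
    ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// Unchecked (hypothetical helper): the form value is pasted into the SQL
// text, so quote characters in the value become part of the statement.
function find_unchecked(PDO $db, string $name): array {
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Checked (hypothetical helper): validate the expected shape first, then
// bind the value so the driver always treats it as data, never as SQL.
function find_checked(PDO $db, string $name): array {
    if (!preg_match('/^[A-Za-z0-9_]{1,32}$/', $name)) {
        return [];  // reject anything that is not a plain user name
    }
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed form values: one ordinary, one containing SQL syntax.
foreach (['alice', "x' OR '1'='1"] as $value) {
    printf("%-14s unchecked=%d rows, checked=%d rows\n", $value,
        count(find_unchecked($db, $value)), count(find_checked($db, $value)));
}
```

The bound parameter alone is enough to keep the value out of the SQL text; the pattern check is an extra layer that rejects malformed input before it reaches the database.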





