From: Dag-Erling Smorgrav (des THINKSEC.COM)
Date: Tue Feb 20 2001 - 10:08:09 CST

Neil K <neilk ALLDAS.DE> writes:
> Anyways how to patch?? well you could parse out the following character from *all
> the user defined fields: '.
Half-assed workaround. The correct fix is to modify the call to
$dbh->prepare() as follows:
> $sth = $dbh->prepare("SELECT * FROM login WHERE pid='$mycookpid' && agent='$agent' ORDER BY stime DESC");
$sth = $dbh->prepare("SELECT * FROM login WHERE pid=" .
                     $dbh->quote($mycookpid) .
                     " && agent =" .
                     $dbh->quote($agent) .
                     " ORDER BY stime DESC");
> "I'm always Frank and Ernest with the ladies,
> Frank in New York, Ernest in Boston"
> --quoted from some film i watched last night
Samuel L. Jackson to Larry King in _The Long Kiss Goodnight_ - the
correct quote is "I'm always frank and earnest with women. Uh, in New
York I'm Frank, and in Chicago I'm Ernest."
DES
-- Dag-Erling Smørgrav - desthinksec.com
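
The fix described in the message above, as an added example that is not part of the original post: it runs the interpolated query, the $dbh->quote() version, and (going one step beyond the post) DBI bind placeholders against the same input. Assumptions: DBD::SQLite is installed, the table contents and input values are constructed, and AND replaces && because SQLite does not accept &&.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed sample data in an in-memory SQLite database
# (assumption: DBD::SQLite is available; the post's database is not shown).
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, PrintError => 0 });
$dbh->do("CREATE TABLE login (pid TEXT, agent TEXT, stime INTEGER)");
$dbh->do("INSERT INTO login VALUES ('1001', 'Mozilla/4.0', 982684800)");
$dbh->do("INSERT INTO login VALUES ('1002', 'Lynx/2.8',    982684900)");

# Constructed untrusted input: a cookie value and a User-Agent header
# that contains the ' character the thread is about.
my $mycookpid = "1001";
my $agent     = "x' OR '1'='1";

# Execute a prepared statement and return how many rows it yields.
sub count_rows {
    my ($sth, @bind) = @_;
    $sth->execute(@bind);
    return scalar @{ $sth->fetchall_arrayref };
}

# 1. Interpolation, as in the quoted original: the ' inside $agent closes
#    the string literal, so the rest of the value is parsed as SQL.
my $unsafe = "SELECT * FROM login WHERE pid='$mycookpid' AND agent='$agent' ORDER BY stime DESC";
print  "interpolated SQL: $unsafe\n";
printf "interpolated:     %d row(s)\n", count_rows($dbh->prepare($unsafe));

# 2. $dbh->quote(), as in the reply: the driver escapes the embedded quotes
#    and adds the surrounding ones, so the value stays a single literal.
my $quoted = "SELECT * FROM login WHERE pid=" . $dbh->quote($mycookpid) .
             " AND agent=" . $dbh->quote($agent) . " ORDER BY stime DESC";
print  "quoted SQL:       $quoted\n";
printf "quote():          %d row(s)\n", count_rows($dbh->prepare($quoted));

# 3. Bind placeholders: the values are passed to execute() separately and
#    never become part of the SQL text.
my $sth = $dbh->prepare("SELECT * FROM login WHERE pid=? AND agent=? ORDER BY stime DESC");
printf "placeholders:     %d row(s)\n", count_rows($sth, $mycookpid, $agent);

$dbh->disconnect;
```

Comparing the two printed SQL strings shows where the literal ends in each case; the row counts show whether the WHERE clause still restricts the result.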