OSEC

SQL injection and PHP/MYSQL

From: Robert Buljevic (skeptics1c.org)
Date: Tue Sep 09 2003 - 14:04:25 CDT


I'm well aware of the SQL injection problem when accepting non-trusted data.
However, I'm interested in a more concrete example, precisely the PHP/MySQL
combination.

Suppose I have some input text that's passed to MySQL for searching via an HTTP
GET request.
What characters should I allow/disallow?
And is it enough to use PHP's addslashes function? If not, why? Could you
provide any example of input that could cause injection even if it's
slashed - always referring to the particular case of PHP/MySQL?

Any info would be appreciated... Thanks!

Robert Buljevic
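The following is an added example, not part of the original post or any reply to it, illustrating the two points the question raises. addslashes() escapes only the single quote, double quote, backslash and NUL, and it knows nothing about the connection's character set; so a value that is interpolated into SQL without surrounding quotes (a numeric id is the common case) is not protected at all, no matter how it is slashed. The durable answer is to validate the type of each input and bind values as query parameters rather than escaping text. The script uses PDO against an in-memory SQLite database so it runs offline; the table, rows and inputs are constructed for the demonstration, and the same PDO calls work unchanged with a MySQL DSN.

```php
<?php
// Added example (not from the original post): addslashes()-based escaping
// beside parameterised queries. Uses an in-memory SQLite database through
// PDO so it runs offline; the same PDO code applies to a MySQL DSN.
declare(strict_types=1);

function openDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
    // Constructed sample rows.
    $db->exec("INSERT INTO users VALUES (1, 'alice', 'admin'), (2, 'bob', 'user')");
    return $db;
}

// Legacy pattern: addslashes() then string interpolation. addslashes() only
// touches ' " \ and NUL, so it does nothing for input that lands in an
// unquoted (numeric) position of the SQL text.
function findByIdLegacy(PDO $db, string $id): array {
    $escaped = addslashes($id);
    $sql = "SELECT id, name FROM users WHERE id = $escaped"; // no quotes around the value
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: validate the type first, then bind the value as a parameter.
function findById(PDO $db, string $id): array {
    $int = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($int === false) {
        return []; // reject anything that is not a positive integer
    }
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $int, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Free-text search: bind the pattern as a parameter; the only characters that
// still need escaping are the LIKE wildcards, which are a separate concern.
function searchByName(PDO $db, string $term): array {
    $pattern = '%' . strtr($term, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']) . '%';
    $stmt = $db->prepare("SELECT id, name FROM users WHERE name LIKE :p ESCAPE '\\'");
    $stmt->bindValue(':p', $pattern, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = openDb();

// Constructed input: it contains no quote character, so addslashes() leaves it
// unchanged, and in an unquoted position it rewrites the WHERE clause.
$input = '2 OR 1=1';
var_dump(addslashes($input) === $input);                           // bool(true)
echo count(findByIdLegacy($db, $input)), " rows from legacy\n";    // 2
echo count(findById($db, $input)), " rows from hardened\n";        // 0 (rejected)
echo count(searchByName($db, "o' OR 'x'='x")), " rows from search\n"; // 0 (literal text)
```

On the "what characters to allow" part of the question: with bound parameters there is no character list to maintain for the SQL layer, because the value never becomes part of the statement text. Validation then belongs to the application's own rules (an id must be a positive integer, a search term has a maximum length), not to the quoting rules of the database.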