SQL injection and PHP/MYSQL
From: Robert Buljevic (skeptics1c.org)
Date: Tue Sep 09 2003 - 14:04:25 CDT
I'm well aware of the SQL injection problem when accepting non-trusted data.
However, I'm interested in a more concrete example, precisely the PHP/MySQL
Suppose I have some input text that's passed to MySQL for searching via HTTP
What characters should I allow/disallow?
And is it enough to use PHP's addslashes function? If not, why? Could you
provide any example of input that could cause injection even if it's
slashed - always referring to the particular case of PHP/MySQL?
Any info would be appreciated... Thanks!