At 03:39 AM 12/21/2001 +0200, Bogdan Stancescu wrote:
>Hi everybody!
>
>Two things I consider urban myths about PHP (plus MySQL) - please let me
>know what you think of these:
>
>1. The evil global variables
[...]
>My question to you guys is this: does anybody know of a real example where
>reasonably careful coding led to disaster with global variables?

I personally don't, but apparently the PHP developers think it's enough of 
a risk that they've deprecated register_globals in 4.1.0...

>2. Please enter your age: 25; drop database mysql
>
>Does this actually work?
[...]
>So I decided I had to test this: I wrote the code exactly as in the
>example; I provided the exact dangerous input (well, to be honest, I
>tried a select instead of drop mysql). When I tried it, the presumably
>dangerous situation degraded into a trivial MySQL error. It went
>something like "You have an error near '; select 1+1'".

I've done something similar in the past just for kicks, and I got the same 
result you did (i.e. an error).  I believe this is because mysql_query() 
expects ONE query at a time and will break if you send two or more.  I 
could be completely and totally wrong about that, though (someone please 
correct me if I am)...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
