Date: Sunday, June 21, 2015 12:39:06 PM -0400
From: Aziz Saleh azizsa...@gmail.com
On Sun, Jun 21, 2015 at 9:19 AM, Lester Caine les...@lsces.co.uk
wrote:
OK - this had no chance of success since publish_date_desc is
processed using the _desc ( or _asc ) and any invalid data
stripped
On Sun, Jun 21, 2015 at 9:19 AM, Lester Caine les...@lsces.co.uk wrote:
OK - this had no chance of success since publish_date_desc is processed
using the _desc ( or _asc ) and any invalid data stripped
But what does your application do when it gets an invalid SQL statement?
Maybe it is telling the attacker something important about your database so
that they can compromise it with the appropriate injection.
On 2:36PM, Sun, Jun 21, 2015 Lester Caine les...@lsces.co.uk wrote:
On 21/06/15 18:55,
On 21/06/15 20:14, Mark Murphy wrote:
But what does your application do when it gets an invalid SQL statement?
Maybe it is telling the attacker something important about your database so
that they can compromise it with the appropriate injection.
It just defaults to the first news article in
On 21/06/15 18:55, Richard wrote:
OK - this had no chance of success since publish_date_desc is
processed using the _desc ( or _asc ) and any invalid data
stripped
sort_mode=publish_date_desc%20or%20(1,2)=(select*from(select%20n
On 16/05/15 10:00, Karl DeSaulniers wrote:
That does clarify things a bit better on both the @ question
and prepared statements. Thank you for the link as well.
So new question.. what is the best type of database to use
for someone who wants to start small and grow big?
My findings led me
On May 16, 2015, at 8:42 AM, Lester Caine les...@lsces.co.uk wrote:
On 16/05/15 10:00, Karl DeSaulniers wrote:
That does clarify things a bit better on both the @ question
and prepared statements. Thank you for the link as well.
So new question.. what is the best type of database to use
On 16/05/15 14:51, Karl DeSaulniers wrote:
Interesting. I program in MySQL on a hosting plan by a third party.
I have heard/read MySQL is not an enterprise solution, but
for the basic business with say less than 100,000 customers,
it does the job and well. Larger than that I had hear Postgres
On 15/05/15 06:21, Karl DeSaulniers wrote:
Oh ok. Now it makes a little more sense.
I have worked in ASP before, but I am programming in PHP and MySQL at the
moment.
I am going to look into Prepared Statements. Thanks for your feedback.
Just to clarify things a little here and explain
On May 16, 2015, at 3:51 AM, Lester Caine les...@lsces.co.uk wrote:
On 15/05/15 06:21, Karl DeSaulniers wrote:
Oh ok. Now it makes a little more sense.
I have worked in ASP before, but I am programming in PHP and MySQL at the
moment.
I am going to look into Prepared Statements. Thanks
On 15.05.2015 07:21, Karl DeSaulniers wrote:
On May 14, 2015, at 11:11 PM, Onatawahtaw onatawah...@yahoo.ca wrote:
Hi Karl,
If you look at the link you provided you'll notice that some of the code is for
ASP.net and some is for PHP.
I have looked in the link. Most problems by inject an
-Kevin Waddell
Proverbs 3:5-6
On Fri, 5/15/15, Ruprecht Helms rhe...@rheynmail.de wrote:
Subject: Re: [PHP-DB] SQL Injection
To: php-db@lists.php.net
Date: Friday, May 15, 2015, 10:16 AM
On 15.05.2015 07:21, Karl DeSaulniers wrote:
On May
On Thu, May 14, 2015 at 9:05 PM, Karl DeSaulniers k...@designdrumm.com
wrote:
Hello Everyone,
Have a quick question. Was reading some material and wanted some Players
perspective.
I know w3schools is not the de-facto on everything, so I wanted to know
how reliable is the information on this
On May 14, 2015, at 8:09 PM, Aziz Saleh azizsa...@gmail.com wrote:
On Thu, May 14, 2015 at 9:05 PM, Karl DeSaulniers k...@designdrumm.com
wrote:
Hello Everyone,
Have a quick question. Was reading some material and wanted some Players
perspective.
I know w3schools is not the de-facto
On 15/05/14 18:19 , Karl DeSaulniers wrote:
On May 14, 2015, at 8:09 PM, Aziz Saleh azizsa...@gmail.com wrote:
On Thu, May 14, 2015 at 9:05 PM, Karl DeSaulniers k...@designdrumm.com wrote:
Hello Everyone,
Have a quick question. Was reading some material and wanted some Players
perspective.
On May 14, 2015, at 8:37 PM, Jigme Datse Yli-Rasku jigme.da...@gmail.com
wrote:
On 15/05/14 18:19 , Karl DeSaulniers wrote:
On May 14, 2015, at 8:09 PM, Aziz Saleh azizsa...@gmail.com wrote:
On Thu, May 14, 2015 at 9:05 PM, Karl DeSaulniers k...@designdrumm.com
wrote:
Hello Everyone,
On May 14, 2015, at 11:11 PM, Onatawahtaw onatawah...@yahoo.ca wrote:
Hi Karl,
If you look at the link you provided you'll notice that some of the code is
for ASP.net and some is for PHP. What of the two are you programming in? If
you are programming in ASP.net you are asking your
Hi Karl,
If you look at the link you provided you'll notice that some of the code is for
ASP.net and some is for PHP. What of the two are you programming in? If you are
programming in ASP.net you are asking your question to the wrong mailing list
as this list is for PHP. If you are programming
I'm pretty amateur at this too, but have done a little reading on the subject.
Here's some nuggets to ponder while the real experts write their responses: :)
1. Magic quotes + mysql_escape_string = double escaped stuff. I think the
general opinion is the magic quotes is evil, but I'm sure
NOTE:
http://www.php.net/mysql_escape_string
Version: 4.3.0
Description: This function became deprecated, do not use this
function. Instead, use mysql_real_escape_string().
Jordan
On Aug 25, 2005, at 2:15 PM, [EMAIL PROTECTED] tg-
[EMAIL PROTECTED] wrote:
Using mysql_escape_string
Haha.. what the hell? Ok, I know this is an older copy of the script I wrote
because I know I took out the All this does is escape the data comment and I
KNOW I saw the thing about mysql_escape_string() being deprecated... don't
know why it's still in there. Hah
Thanks for pointing that out.
Estimado veditio,
you wrote:
I've got a ton of forms that use the $_POST variable to send
information into the database [...]
Any suggestions on how to tighten up the form security, or does
magic_quotes help enough?
I'm not a security expert but after some attacks I have implemented
this
22 matches
Mail list logo