))
$sql=sprintf(delete from tbl where id = %d,$delete);
This makes sure that the person is using the correct path.
Jerry
-Original Message-
From: Jaime Bozza [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 21, 2001 7:32 PM
To: [EMAIL PROTECTED]
Subject: RE: [PHP] Mommy, is it true
On Friday 21 December 2001 02:39, you wrote:
I believe (not sure so please clarify) that if your code was
if ($pwd == goodpwd) $lethimin = 1;
else $lethimin = 0;
the code would be secure. only setting the variable when the pass is correct
would be too easy to crack right? since I'd call the
! The entire table has been deleted. Don't you feel dumb!
Instead process the input.
$id = abs($id);
-Original Message-
From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 20, 2001 5:40 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Mommy, is it true that...?
2. Please enter
Yes, that's a very good one I didn't think of!
One thing that I do know is dangerous is deleting rows based on an
integer field with an unprocessed value;
Ca-Boom! The entire table has been deleted. Don't you feel dumb!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe,
-Original Message-
From: Nathan Cassano [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 21, 2001 11:34 AM
To: [EMAIL PROTECTED]
Subject: RE: [PHP] Mommy, is it true that...?
One thing that I do know is dangerous is deleting rows based on an
integer field with an unprocessed value;
Example
Hi everybody!
Two things I consider urban myths about PHP (plus MySQL) - please let me
know what you think of these:
1. The evil global variables
Ok, the classic
?
if ($pwd==GOODPASSWORD)
{
$lethimin=1;
}
[bullshit code]
if ($lethimin)
{
echo(fread(fopen(/etc/passwd,r)));
At 03:39 AM 12/21/2001 +0200, Bogdan Stancescu wrote:
Hi everybody!
Two things I consider urban myths about PHP (plus MySQL) - please let me
know what you think of these:
1. The evil global variables
[...]
My question to you guys is this: does anybody know of a real example of
reasonably
7 matches
Mail list logo
