))
$sql=sprintf(delete from tbl where id = %d,$delete);
This makes sure that the person is using the correct path.
Jerry
-Original Message-
From: Jaime Bozza [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 21, 2001 7:32 PM
To: [EMAIL PROTECTED]
Subject: RE: [PHP] Mommy, is it true
On Friday 21 December 2001 02:39, you wrote:
I believe (not sure so please clarify) that if your code was
if ($pwd == goodpwd) $lethimin = 1;
else $lethimin = 0;
the code would be secure. only setting the variable when the pass is correct
would be too easy to crack right? since I'd call the
One thing that I do know is dangerous is deleting rows based on an
integer field with an unprocessed value;
Example: Delete row script
?
if($delete $id){
delete from mytable where id = $id;
}
?
By simply appending an all inclusive sql clause.
$id = 21421 or 1 = 1;
Ca-Boom! The
Yes, that's a very good one I didn't think of!
One thing that I do know is dangerous is deleting rows based on an
integer field with an unprocessed value;
Ca-Boom! The entire table has been deleted. Don't you feel dumb!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe,
-Original Message-
From: Nathan Cassano [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 21, 2001 11:34 AM
To: [EMAIL PROTECTED]
Subject: RE: [PHP] Mommy, is it true that...?
One thing that I do know is dangerous is deleting rows based on an
integer field with an unprocessed value;
Example
At 03:39 AM 12/21/2001 +0200, Bogdan Stancescu wrote:
Hi everybody!
Two things I consider urban myths about PHP (plus MySQL) - please let me
know what you think of these:
1. The evil global variables
[...]
My question to you guys is this: does anybody know of a real example of
reasonably
6 matches
Mail list logo
