> -----Original Message-----
> From: Wolf [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 05, 2008 10:33 AM
> To: Boyd, Todd M.
> Cc: Per Jessen; php-general@lists.php.net
> Subject: RE: Re: [PHP] Are there free http mysql tunneling writed in
> php ?
> 
> > > I don't know of any specific implementation, but surely you can
> > > write one in about 60 seconds.
> > >
> > > get http://domain/run-this-sql?db=database&text=blahblahblah
> > >
> > > I'm sure you get the idea.
> >
> > From a security standpoint, this is wiiiiiiiide open for SQL
> > injection. I would recommend against using something like this for
> > performing SQL queries, as malicious SQL would be easy as pie to
> > execute. Of course, you can place the script behind layers of
> > security... but ad-hoc queries are a dangerous beast.
> >
> >
> > Todd Boyd
> > Web Programmer
> 
> Well DUH, but then you should already know that we on this list don't
> CODE everything for some and that the general consensus is secure your
> own code.

I seem to have hit a nerve. Sorry for explaining best practices when I feel 
they're applicable.


Todd Boyd
Web Programmer
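
Added example, not part of the original thread or any poster's code: one way to avoid the ad-hoc `text=` parameter discussed above is to let the HTTP endpoint accept only the name of a query defined on the server and bind the request values as parameters. The query names, the `users` table, the `q` parameter and the in-memory SQLite connection (standing in for MySQL so the script runs offline) are all assumptions made for illustration.

```php
<?php
// Server-side allowlist: the client picks a query by name, never sends SQL.
const QUERIES = [
    'user_by_id' => [
        'sql'    => 'SELECT id, name FROM users WHERE id = :id',
        'params' => ['id' => FILTER_VALIDATE_INT],
    ],
    'users_by_name' => [
        'sql'    => 'SELECT id, name FROM users WHERE name = :name',
        'params' => ['name' => FILTER_DEFAULT],
    ],
];

// $request is shaped like $_GET. Returns rows, or throws on anything unexpected.
function run_named_query(PDO $pdo, array $request): array
{
    $name = $request['q'] ?? '';
    if (!is_string($name) || !isset(QUERIES[$name])) {
        throw new InvalidArgumentException('unknown query');
    }
    $bound = [];
    foreach (QUERIES[$name]['params'] as $param => $filter) {
        $raw = $request[$param] ?? null;
        // Missing or array-valued parameters are rejected before filtering.
        $value = is_string($raw) ? filter_var($raw, $filter) : false;
        if ($value === false) {
            throw new InvalidArgumentException("bad parameter: $param");
        }
        $bound[":$param"] = $value;
    }
    $stmt = $pdo->prepare(QUERIES[$name]['sql']); // SQL text is fixed on the server
    $stmt->execute($bound);                       // request values are bound, not concatenated
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data; SQLite in memory stands in for the MySQL connection.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Constructed requests: a valid lookup, a quote-laden value, and raw SQL as the name.
print_r(run_named_query($pdo, ['q' => 'user_by_id', 'id' => '2']));
print_r(run_named_query($pdo, ['q' => 'users_by_name', 'name' => "x' OR '1'='1"]));
try {
    run_named_query($pdo, ['q' => 'DROP TABLE users']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The second request returns no rows because the quoted value is compared as a literal name, and the third is rejected because it is not a key in the allowlist.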


