Ermmm are we forgetting the sprintf function? That is doing exactly what you
are trying (and succeeding) to accomplish

if ($delete && $id)
        $sql=sprintf("delete from tbl where id = %d",$id);

Personally I also use a small extra security

if ($delete && $check==md5(<SECURITYWORD> . $delete))
        $sql=sprintf("delete from tbl where id = %d",$delete);

This makes sure that the person is using the correct path. 

Jerry
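As an added example (not code posted by anyone in this thread), the script below feeds Nathan's malicious $id, plus a few other constructed inputs, through the raw interpolation, the sprintf("%d") approach and the settype() approach discussed in this thread, and adds a stricter filter_var() check that rejects anything that is not a plain positive integer instead of silently coercing it. Function names and sample inputs are my own.

```php
<?php
// Added example: compare the validation techniques from the thread on
// constructed inputs. Nothing here touches a database; it only builds SQL.

function raw_query(string $id): string
{
    // The vulnerable pattern: $id goes into the SQL untouched.
    return "delete from mytable where id = $id";
}

function sprintf_query(string $id): string
{
    // Jerry's approach: %d converts the argument to an integer, so
    // "21421 or 1 = 1" becomes 21421 and "abc" becomes 0.
    return sprintf("delete from mytable where id = %d", $id);
}

function settype_query(string $id): string
{
    // Jaime's approach: settype() coerces the variable in place.
    settype($id, "integer");
    return "delete from mytable where id = $id";
}

function strict_id(string $id): ?int
{
    // Stricter than coercion: filter_var() returns false for anything that
    // is not a well-formed integer ("21421 or 1 = 1", "12abc", "abc"), and
    // min_range rejects zero and negatives, so bad input is refused outright.
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $n === false ? null : $n;
}

// Constructed sample inputs: one legitimate id, Nathan's injection, and
// three malformed values that coercion silently turns into some integer.
$inputs = ["42", "21421 or 1 = 1", "-5", "12abc", "abc"];
foreach ($inputs as $in) {
    printf("input %-18s raw:     %s\n", var_export($in, true), raw_query($in));
    printf("%-24s sprintf: %s\n", '', sprintf_query($in));
    printf("%-24s settype: %s\n", '', settype_query($in));
    $id = strict_id($in);
    printf("%-24s strict:  %s\n\n", '', $id === null ? 'rejected' : "id=$id");
}
```

Note that sprintf("%d") and settype() both accept "12abc" as 12 and "abc" as 0, so they stop the injection but will happily delete row 0 or row 12; the filter_var() variant is the one that tells the caller the input was bad.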

-----Original Message-----
From: Jaime Bozza [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 21, 2001 7:32 PM
To: [EMAIL PROTECTED]
Subject: RE: [PHP] Mommy, is it true that...?


Another way I validate input is by using settype();

For instance:

settype($id, "integer");

I use addslashes and settype on all data coming from a browser that ends
up being used in a query.

(abs will convert negative numbers, which may be what you want, but then
again. <G>)


Jaime Bozza

-----Original Message-----
From: Nathan Cassano [mailto:[EMAIL PROTECTED]] 
Sent: Friday, December 21, 2001 11:34 AM
To: [EMAIL PROTECTED]
Subject: RE: [PHP] Mommy, is it true that...?



One thing that I do know is dangerous is deleting rows based on an
integer field with an unprocessed value;


Example: Delete row script
<?

if($delete && $id){
        // $id is interpolated into the SQL without any processing
        $sql = "delete from mytable where id = $id";
}

?>

By simply appending an all inclusive sql clause.

$id = "21421 or 1 = 1";

Ca-Boom! The entire table has been deleted. Don't you feel dumb!

Instead process the input.
$id = abs($id);

-----Original Message-----
From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, December 20, 2001 5:40 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Mommy, is it true that...?


2. Please enter your age: 25; drop database mysql

Does this actually work?

I've read at least a dozen articles telling people to get it in their
blood not to trust users and addslashes to any kind of incoming data, as
well as pass it as strings to mysql ("insert into person set age='$age'"
instead of "insert into person set age=$age").

So I decided I had to test this: I wrote the code exactly as in the
example; I provided the exact dangerous input (well, to be honest, I
tried a select instead of drop mysql). When I tried it, the presumably
dangerous situation degraded into a trivial MySQL error. It went
something like "You have an error near '; select 1+1'".

Did you ever actually try this? Does it work on your system?

Thanks in advance for the input!

Bogdan


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]