At 4:00 PM -0500 25/4/02, Joshua b. Jore wrote:

>"INSERT INTO foo (a,b) VALUES (?,?)"

$my_val_a = addslashes($HTTP_POST_VARS["val_a"]);
$my_val_b = addslashes($HTTP_POST_VARS["val_b"]);
$query = "INSERT INTO foo (a,b) VALUES ('$my_val_a','$my_val_b')";

Or if you have magic_quotes_gpc turned on (the default) all vars passed
in from forms/cookies are quoted and SQL injection is not possible.

 ...R.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
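
The two approaches in this message, side by side, as an added example that is not part of the original post: the quoted `?` placeholder statement bound through a prepared statement, and a query assembled from addslashes() output. It assumes PHP with PDO and the SQLite driver; the in-memory database, the constructed `$post` array, and the function names insert_bound and insert_concat are illustrative.

```php
<?php
// Added example. Assumptions: PDO with the SQLite driver, an in-memory
// database, and constructed form input (no real request data).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE foo (a TEXT, b TEXT)');

// Constructed stand-in for submitted form fields: an ordinary surname
// containing an apostrophe, and a value with a backslash and double quotes.
$post = ['val_a' => "O'Reilly", 'val_b' => 'back\\slash "quoted"'];

// Placeholder form: the SQL text is fixed and the values travel
// separately, so the driver never parses them as SQL.
function insert_bound(PDO $pdo, string $a, string $b): bool {
    $stmt = $pdo->prepare('INSERT INTO foo (a,b) VALUES (?,?)');
    return $stmt->execute([$a, $b]);
}

// String-built form: addslashes() escapes with backslashes, but SQLite
// (like standard SQL) escapes a quote by doubling it, so the escaping
// does not match what this database expects.
function insert_concat(PDO $pdo, string $a, string $b): string {
    $a = addslashes($a);
    $b = addslashes($b);
    $query = "INSERT INTO foo (a,b) VALUES ('$a','$b')";
    try {
        $pdo->exec($query);
        return 'stored';
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// Returns true when the stored row equals the submitted values exactly.
function round_trips(PDO $pdo, array $post): bool {
    $pdo->exec('DELETE FROM foo');
    insert_bound($pdo, $post['val_a'], $post['val_b']);
    $row = $pdo->query('SELECT a, b FROM foo')->fetch(PDO::FETCH_ASSOC);
    return $row['a'] === $post['val_a'] && $row['b'] === $post['val_b'];
}

echo 'bound:  ', round_trips($pdo, $post) ? 'round-trips' : 'altered', "\n";
echo 'concat: ', insert_concat($pdo, $post['val_a'], $post['val_b']), "\n";
```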