I got that auto add slashes thing on. Is it enough? If not, how should I go about adding them?

Like this?

$_SERVER['REMOTE_HOST'] = addslashes($_SERVER['REMOTE_HOST']);

What sort of effects could an attack have?

I am integrating stats into a site. What other vars could I gather info from?

Thanks,

JJ Harrison
[EMAIL PROTECTED]
www.tececo.com

BTW I have fixed the error now.

----- Original Message -----
From: "1LT John W. Holmes" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Sunday, June 23, 2002 2:11 PM
Subject: Re: [PHP] Error(Newbie)

> $query = "INSERT INTO `stats` (`vid`, `id`, `vn`, `time`, `host`, `referrer`, `browser`) VALUES ('', '$id', '$_COOKIE
> ['tececo_stats']', '$time', '$_SERVER['REMOTE_HOST']', '$_SERVER['HTTP_REFERER']', '$_SERVER
> ['HTTP_USER_AGENT']'); ";

I hope you are using addslashes on your $_COOKIE and $_SERVER vars, too, otherwise your query is wide open to some attacks...

---John Holmes...

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
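
An added example, not part of the original thread or either poster's code: the same stats insert written with bound parameters, so the cookie and header values are stored as data whatever quotes they contain. It assumes PDO with an in-memory SQLite database so it runs offline; the column names come from the query quoted above, while `clean_field` and `record_visit` are hypothetical helper names and the request values are constructed.

```php
<?php
// Added example: parameterized insert for the stats row from the thread.
// Assumption: PDO + in-memory SQLite stands in for the site's real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE stats (
    vid INTEGER PRIMARY KEY AUTOINCREMENT,
    id INTEGER, vn TEXT, time INTEGER,
    host TEXT, referrer TEXT, browser TEXT)');

// Hypothetical helper: drop control characters and cap the length so a
// header cannot bloat the table or carry newlines into later reports.
function clean_field($value, int $max = 255): string
{
    $value = is_string($value) ? $value : '';
    $value = preg_replace('/[\x00-\x1F\x7F]/', '', $value);
    return substr($value, 0, $max);
}

// Hypothetical helper: binds every request-derived value as a parameter.
function record_visit(PDO $db, int $id, array $cookie, array $server): int
{
    $stmt = $db->prepare(
        'INSERT INTO stats (id, vn, time, host, referrer, browser)
         VALUES (:id, :vn, :time, :host, :referrer, :browser)');
    $stmt->execute([
        ':id'       => $id,
        ':vn'       => clean_field($cookie['tececo_stats'] ?? ''),
        ':time'     => time(),
        // REMOTE_HOST is only set when the server does reverse lookups.
        ':host'     => clean_field($server['REMOTE_HOST'] ?? $server['REMOTE_ADDR'] ?? ''),
        ':referrer' => clean_field($server['HTTP_REFERER'] ?? '', 1024),
        ':browser'  => clean_field($server['HTTP_USER_AGENT'] ?? ''),
    ]);
    return (int) $db->lastInsertId();
}

// Constructed sample request: the cookie and HTTP_* values are client-supplied.
$cookie = ['tececo_stats' => "visitor'42"];
$server = [
    'REMOTE_ADDR'     => '192.0.2.10',
    'HTTP_REFERER'    => "http://example.com/?q=it's",
    'HTTP_USER_AGENT' => "Mozilla/4.0 (\"quoted\" O'Browser)",
];
$vid = record_visit($db, 7, $cookie, $server);
$sel = $db->prepare('SELECT vn, host, referrer, browser FROM stats WHERE vid = ?');
$sel->execute([$vid]);
print_r($sel->fetch(PDO::FETCH_ASSOC)); // values come back with quotes intact
```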