Yeah, magic_quotes will be enough, but it only handles GET, POST, and COOKIE
data. I'm not sure what SERVER variables can be trusted, so it wouldn't hurt
to addslash them...

There isn't much of a risk to your query, but someone could still mess
things up. If they formatted a cookie like

$_COOKIE['tececo_stats'] =
"bad_data','bad_time','bad_host','bad_referrer','bad_agent')#";

it would allow them to insert bad data into your table...

---John Holmes...

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, June 23, 2002 2:50 AM
Subject: Re: [PHP] Error(Newbie)


> I got that auto add slashes thing on. Is it enough?
>
> If not how should I go about adding them?
>
> like this?
>
> $_SERVER['REMOTE_HOST'] = addslashes($_SERVER['REMOTE_HOST']);
>
> What sort of effects could an attack have?
>
> I am integrating stats into a site. What other vars could I gather info
> from?
>
> Thanks,
>
> JJ Harrison
> [EMAIL PROTECTED]
> www.tececo.com
>
> BTW I have fixed the error now.
>
> ----- Original Message -----
> From: "1LT John W. Holmes" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Sunday, June 23, 2002 2:11 PM
> Subject: Re: [PHP] Error(Newbie)
>
>
> > $query = "INSERT INTO `stats` (`vid`, `id`, `vn`, `time`, `host`,
> > `referrer`, `browser`) VALUES ('', '$id', '$_COOKIE['tececo_stats']',
> > '$time', '$_SERVER['REMOTE_HOST']', '$_SERVER['HTTP_REFERER']',
> > '$_SERVER['HTTP_USER_AGENT']'); ";
>
> I hope you are using addslashes on your $_COOKIE and $_SERVER vars, too,
> otherwise your query is wide open to some attacks...
>
> ---John Holmes...
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
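
An added example, not part of the thread and not either poster's code: the same stats insert written with PDO bound parameters rather than the addslashes approach discussed above, so the cookie value from the reply is stored as one literal string in `vn` instead of rewriting the VALUES list. It assumes the PDO SQLite driver and an in-memory table; the column types, the `clean_field` and `record_hit` helpers, and the sample header values are constructed for illustration.

```php
<?php
// Added example. Column names follow the quoted query; the types are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE stats (vid INTEGER PRIMARY KEY, id INTEGER, vn TEXT,
           time INTEGER, host TEXT, referrer TEXT, browser TEXT)');

// Constructed request data. The cookie is the value shown in the reply above;
// the address and header values are made up for the example.
$cookie = ['tececo_stats' => "bad_data','bad_time','bad_host','bad_referrer','bad_agent')#"];
$server = [
    'REMOTE_ADDR'     => '192.0.2.10',
    'HTTP_REFERER'    => "http://example.test/?q=o'reilly",
    'HTTP_USER_AGENT' => str_repeat('A', 600),
];

// Bound the length and drop control characters; quoting is left to the driver.
function clean_field(?string $value, int $max = 255): string
{
    $value = (string) preg_replace('/[\x00-\x1F\x7F]/', '', $value ?? '');
    return substr($value, 0, $max);
}

// Every client-supplied field (cookie and request headers alike) is bound
// as a parameter, so none of them can change the shape of the statement.
function record_hit(PDO $db, int $id, array $cookie, array $server): void
{
    $stmt = $db->prepare('INSERT INTO stats (id, vn, time, host, referrer, browser)
                          VALUES (:id, :vn, :time, :host, :referrer, :browser)');
    $stmt->execute([
        ':id'       => $id,
        ':vn'       => clean_field($cookie['tececo_stats'] ?? null),
        ':time'     => time(),
        ':host'     => clean_field($server['REMOTE_HOST'] ?? $server['REMOTE_ADDR'] ?? null),
        ':referrer' => clean_field($server['HTTP_REFERER'] ?? null),
        ':browser'  => clean_field($server['HTTP_USER_AGENT'] ?? null),
    ]);
}

record_hit($db, 1, $cookie, $server);
$row = $db->query('SELECT vn, host, referrer, length(browser) AS ua_len FROM stats')
          ->fetch(PDO::FETCH_ASSOC);
print_r($row);
```

The printed row shows the whole cookie string sitting in `vn` while `host` and `referrer` keep the values the server supplied, and the oversized user agent is cut to 255 characters.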

