Hi all, after a long break I'm back again, and it wouldn't be me if I didn't want to turn around everything :)
What I've recognized is that the page width of http://www.php.net/manual/en/security.database.php causes difficulties reading this chapter for people with a smaller screen resolution. So I'd like to make the following changes to ease this situation a little bit:

change line 787
$query = "SELECT * FROM products WHERE id LIKE '%a%' exec master..xp_cmdshell 'net user test testpass /ADD'--";
to
$query = "SELECT * FROM products WHERE id LIKE '%a%' exec master..xp_cmdshell 'net user test testpass /ADD'--";

and line 859
$query = sprintf("SELECT id, name FROM products ORDER BY name LIMIT 20 OFFSET %d;", $offset);
to
$query = sprintf("SELECT id, name FROM products ORDER BY name LIMIT 20 OFFSET %d;", $offset);

This change might make reading these 2 code lines more difficult, but eases the reading of the whole chapter. If everybody agrees, I'll commit it.

Cu, Thomas

Thomas Schoefbeck wrote: > tom Wed Feb 27 02:35:52 2002 EDT > > Modified files: > /phpdoc/en/chapters security.xml > Log: > typo, example-corr. > > Index: phpdoc/en/chapters/security.xml > diff -u phpdoc/en/chapters/security.xml:1.43 phpdoc/en/chapters/security.xml:1.44 > --- phpdoc/en/chapters/security.xml:1.43 Mon Feb 4 06:51:22 2002 > +++ phpdoc/en/chapters/security.xml Wed Feb 27 02:35:51 2002 > @@ -1,5 +1,5 @@ > <?xml version="1.0" encoding="iso-8859-1"?> > -<!-- $Revision: 1.43 $ --> > +<!-- $Revision: 1.44 $ --> > <chapter id="security"> > <title>Security</title> > > @@ -508,7 +508,7 @@ > access and manipulate databases within PHP scripts. > </simpara> > <simpara> > - Keep in my mind this simple rule: defence in depth. In the more place you > + Keep in mind this simple rule: defence in depth. In the more place you > take the more action to increase the protection of your database, the less > probability of that an attacker succeeds, and exposes or abuse any stored > secret information. Good design of the database schema and the application 
> @@ -852,7 +852,7 @@ > <title>A more secure way to compose a query for paging</title> > <programlisting role="php"> > <![CDATA[ > -settype($order, 'integer'); > +settype($offset, 'integer'); > $query = "SELECT id, name FROM products ORDER BY name LIMIT 20 OFFSET $offset;"; > > // please note %d in the format string, using %s would be meaningless
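Review bot: the +/- pair in the @@ -508,7 +508,7 @@ hunk fixes "Keep in my mind", but the sentence that continues in the unchanged context lines is still ungrammatical ("In the more place you take the more action to increase the protection of your database, the less probability of that an attacker succeeds, and exposes or abuse any stored secret information"); since this paragraph is being touched anyway, consider rewording it along the lines of "The more places you take action to increase the protection of your database, the lower the probability that an attacker succeeds in exposing or abusing any stored secret information."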
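Review bot: settype($offset, 'integer') on the + line of the @@ -852,7 +852,7 @@ hunk silently coerces any non-numeric $offset to 0, so a tampered value ends up as "OFFSET 0" rather than being rejected; the listing titled "A more secure way to compose a query for paging" would be clearer if the text said that this cast is a safety net applied before interpolation and not input validation, so readers do not assume the example also rejects bad input. The variable rename itself is correct: $offset is what the following context line interpolates into $query, so the previous settype($order, 'integer') left the interpolated value unchecked.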