ID: 30274 Updated by: [EMAIL PROTECTED] Reported By: troels at arvin dot dk -Status: Bogus +Status: Closed Bug Type: Documentation problem PHP Version: Irrelevant New Comment:
Ooops, I see what you mean, please excuse me. Previous Comments: ------------------------------------------------------------------------ [2004-09-29 17:15:53] [EMAIL PROTECTED] I don't know why you think the query would be a syntax error, but you are wrong. It works fine. Marking as Bogus and reverting. ------------------------------------------------------------------------ [2004-09-29 13:52:50] [EMAIL PROTECTED] This bug has been fixed in the documentation's XML sources. Since the online and downloadable versions of the documentation need some time to get updated, we would like to ask you to be a bit patient. Thank you for the report, and for helping us make our documentation better. ------------------------------------------------------------------------ [2004-09-29 13:37:56] troels at arvin dot dk Description: ------------ The manual page for mysql_real_escape_string() has a section on the danger of SQL injection; that's nice. However, the example used to illustrate the danger is wrong and misleading, as far as I can see. The page states ... // We didn't check $_POST['password'], it could be anything the user wanted! For example: $_POST['username'] = 'aidan'; $_POST['password'] = "' OR 1=1"; ... However, setting $_POST['password'] to ' OR 1=1 will result in a query like this, which isn't very dangerous because it's a syntax error: SELECT * FROM users WHERE name='aidan' AND password='' OR 1=1' A better example of a dangerous value of $_POST['password'] would be: ' OR ''=' because it would result in this query: SELECT * FROM users WHERE name='aidan' AND password='' OR ''='' ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=30274&edit=1
