Hi all,
I'm new to this list and new to php programming so sorry if I do
something wrong here :)
Ok, now to my problem.
I've created a query to update a mysql db, and it isn't working, and
it's not throwing me any errors, so I need some help to figure out
what's wrong here. My code follows
marcelo Wolfgang wrote:
Hi all,
I'm new to this list and new to php programming so sorry if I do
something wrong here :)
Ok, now to my problem.
I've created a query to update a mysql db, and it isn't working, and
it's not throwing me any errors, so I need some help to figure out
what's wro
marcelo Wolfgang skrev:
Hi all,
I'm new to this list and new to php programming so sorry if I do
something wrong here :)
Ok, now to my problem.
I've created a query to update a mysql db, and it isn't working, and
it's not throwing me any errors, so I need some help to figure out
what's wro
Hi,
It's fixed, I think the problem where at the '==' ... I have to remember
that in PHP this is like ActionScript.
Also, what if $_GET['act'] is neither 'a' or 'd'?
Again, what if $_GET['id'] is null?
The only way to not be 'a' or 'd' or to be null is if someone mess with
url, which shoul
2007. 04. 11, szerda keltezéssel 16.57-kor Fredrik Thunberg ezt írta:
> marcelo Wolfgang skrev:
> > Hi all,
> >
> > I'm new to this list and new to php programming so sorry if I do
> > something wrong here :)
> >
> > Ok, now to my problem.
> >
> > I've created a query to update a mysql db, and
and what if $_GET['id'] is something like
"1; DROP TABLE tb_emails;"
??
SQL injection just waits to happen
I think tha tit will be too much of a hacker effort just to kill a table
of contact emails, and also he will have to guess ( is there other way
? ) the table name, but just to be on a s
Marcelo Wolfgang wrote:
and what if $_GET['id'] is something like
"1; DROP TABLE tb_emails;"
??
SQL injection just waits to happen
I think tha tit will be too much of a hacker effort just to kill a
table of contact emails, and also he will have to guess ( is there
other way ? ) the table na
2007. 04. 11, szerda keltezéssel 17.36-kor Marcelo Wolfgang ezt írta:
> > and what if $_GET['id'] is something like
> > "1; DROP TABLE tb_emails;"
> > ??
> >
> > SQL injection just waits to happen
>
> I think tha tit will be too much of a hacker effort just to kill a table
> of contact emails,
and what if $_GET['id'] is something like
"1; DROP TABLE tb_emails;"
??
SQL injection just waits to happen
Something I just thought, he could do a drop table inside an update
statement ? because the query is :
UPDATE tb_emails SET bol_active = $action WHERE auto_id = $id
so if he changed t
Marcelo Wolfgang wrote:
and what if $_GET['id'] is something like
"1; DROP TABLE tb_emails;"
??
SQL injection just waits to happen
Something I just thought, he could do a drop table inside an update
statement ? because the query is :
UPDATE tb_emails SET bol_active = $action WHERE auto_id
10 matches
Mail list logo
