On 2003-06-13 14:42-0400, Pushpinder Singh Garcha wrote:
> How is variable poisoning possible when using $_POST ?? I always felt
> that the php compiler should check to see if the variable was part of
> the POST Global array. At least this is is what I thought about the
> $_POST global array.
On Friday, June 13, 2003, at 02:22 PM, Zak Johnson wrote:
$_POST variables are still subject to poisoning; in your case, SQL
injection.
How is variable poisoning possible when using $_POST ?? I always felt
that the php compiler should check to see if the variable was part of
the POST Global arr
[snip]
$sql1 = "INSERT INTO `contacts`
VALUES (
$_POST['company'],
$_POST['pri_name'],
$_POST['sec_name'],
$_POST['assistant_1'],
$_PO
On 2003-06-13 14:15-0400, Pushpinder Singh Garcha wrote:
> I am trying to execute a simple query using $_POST variables, so
> that variable poisoning is not possible. note: I have register_globals
> ON on my site. I am getting the error shown below . Please advise ...
> as I can't seem to f
4 matches
Mail list logo
