How well protected you are depends on your PHP version and/or configuration.
In your php.ini file there is a configuration setting, "magic_quotes_gpc".
If this is set to On, then GET/POST/Cookie data will be quoted.
If it is not, it will not be, unless you do so manually using the PHP function
addslashes. BE CAREFUL about turning this on if it is off. There may be
applications on the server which call addslashes manually. If you turn
magic_quotes_gpc on, things will, I think, get double slashed.

Kai



On Thu, Feb 07, 2002 at 03:43:30PM +1000, Ashley Woodbridge wrote:
> Hi,
> 
> I am going over some in house code for my current employer. The code
> is used on an internal website to manage SLAs and other network
> device stats (Sort of a NMS). Anyway the site does not check user
> input very well (Affected by CSS) and I noticed the following line of
> code.
> 
> $sql = "select designation from designation_desc where designation
> =\"$designation\"";
> 
> This code is in a function that gets called directly from a few web
> pages without any input checking on the var $designation. I have
> little experience with MySQL and when I try to insert a " to break it
> gets translated to a \" which of course does not allow for sql
> injection. I would like to be able to show my boss a demo of what can
> be done so that he will allocate time to get the website security
> problem fixed (particularly because the database stores community
> strings for routers and switches).
> 
> If anyone can help I would be very grateful.
> 
> Ashley Woodbridge.
> Network Engineer
> B.IT CCNP
> 
> 
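The double-slash effect the reply warns about, shown as an added example that is not part of either message: addslashes() stands in for magic_quotes_gpc (removed in PHP 5.4), stripslashes() models the single level of escaping a database string parser removes, and `app_escape`, the sample value and the in-memory SQLite table (needs pdo_sqlite) are assumptions. The last part runs the thread's query with a bound parameter, which does not depend on either layer of quoting.

```php
<?php
// Added example. magic_quotes_gpc is reproduced with addslashes(), the same
// escaping it applied to every GET/POST/Cookie value before the script ran.
function magic_quotes_effect(string $raw): string
{
    return addslashes($raw);
}

// Hypothetical application helper that also escapes by hand before building SQL.
function app_escape(string $value): string
{
    return addslashes($value);
}

$raw   = 'core "A" switch';            // constructed sample input
$once  = magic_quotes_effect($raw);    // one layer: setting On, no manual call
$twice = app_escape($once);            // two layers: setting On plus manual call

// stripslashes() stands in for the database's string-literal parser, which
// removes exactly one level of backslash escaping (an assumption of this sketch).
$seen_single = stripslashes($once);
$seen_double = stripslashes($twice);

// With one layer the database sees the original value; with two it sees
// literal backslashes that were never part of the user's input.
var_dump($seen_single === $raw);
var_dump($seen_double === $raw);
echo 'double-escaped value as seen by the database: ', $seen_double, PHP_EOL;

// Bound parameter: the value never becomes part of the SQL text, so no
// escaping layer is needed. Table and column names follow the quoted query.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE designation_desc (designation TEXT)');
$pdo->prepare('INSERT INTO designation_desc VALUES (?)')->execute([$raw]);

$stmt = $pdo->prepare(
    'SELECT designation FROM designation_desc WHERE designation = ?'
);
foreach ([$raw, $seen_double] as $designation) {
    $stmt->execute([$designation]);
    $hit = $stmt->fetchColumn();
    $stmt->closeCursor();
    echo json_encode($designation), ' => ',
        $hit === false ? 'no row' : 'row found', PHP_EOL;
}
```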