[nycphp-talk] php in securityfocus 218
Chris Snyder
csnyder at chxo.com
Tue Oct 14 08:47:29 EDT 2003
Analysis & Solutions wrote:
>PHP Prayer Board SQL Injection Vulnerability
>http://www.securityfocus.com/bid/8774
>
I put SQL into my prayers all the time; is this a bad thing? :-)
In an attempt, um, to redeem this message, what *is* an SQL Injection
Vulnerability? Is the religious use of addslashes() on any request
variables used in a database query enough to prevent it?
For example:
<?php
$email = $_GET['email'];                 // untrusted request input
$safeemail = addslashes($email);         // backslash-escapes ' " \ and NUL bytes
$query = "SELECT * FROM supplicants WHERE email='$safeemail' ";
Is this safe, or is my site at the mercy of a clever SQL injector?
csnyder
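An added example, not code from the original post: the lookup from the message written as a parameterized query, with the addslashes() string-building version kept alongside for comparison. It assumes PHP 7.4 or later with the pdo_sqlite extension and uses an in-memory SQLite database so it runs offline; the table, its rows and the sample inputs are constructed for the demonstration.

```php
<?php
// Added example (not from the original post). Compares the addslashes()
// approach with a prepared statement. Table, rows and inputs are constructed.

function openDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("CREATE TABLE supplicants (id INTEGER PRIMARY KEY, email TEXT NOT NULL)");
    // SQL's own way to put a single quote inside a literal is to double it.
    $pdo->exec("INSERT INTO supplicants (email) VALUES ('alice@example.com'), ('o''brien@example.com')");
    return $pdo;
}

// Parameterized form of the query from the post. The SQL text is fixed and the
// value travels separately, so no character in the value can change the query's
// structure. No escaping function is involved at all.
function findByEmail(PDO $pdo, string $email): array
{
    $stmt = $pdo->prepare("SELECT id, email FROM supplicants WHERE email = :email");
    $stmt->execute([':email' => $email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// String-building form from the post. addslashes() backslash-escapes quotes
// without knowing which database will read the string or which character set
// the connection uses. SQLite, like standard SQL, does not treat a backslash as
// an escape, so the literal ends early and the query is rejected.
function findByEmailAddslashes(PDO $pdo, string $email): array
{
    $safeemail = addslashes($email);
    $query = "SELECT id, email FROM supplicants WHERE email='$safeemail'";
    try {
        return $pdo->query($query)->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        return ['error' => $e->getMessage()];
    }
}

$pdo = openDemoDb();
foreach (['alice@example.com', "o'brien@example.com"] as $input) {
    echo "input: $input\n";
    echo "  prepared  : " . json_encode(findByEmail($pdo, $input)) . "\n";
    echo "  addslashes: " . json_encode(findByEmailAddslashes($pdo, $input)) . "\n";
}
```

Run it with `php example.php`. The plain address works both ways; the address containing an apostrophe is found by the prepared statement and produces a syntax error in the addslashes() version, which is the practical answer to the question above: addslashes() is a generic string function, not a database escaper, and its output is only correct when the database's quoting rules and the connection's character set happen to match its assumptions. Binding parameters removes that dependency. If a query string must be assembled by hand for MySQL, the driver's connection-aware escaper (mysqli_real_escape_string) at least accounts for the connection character set, which addslashes() does not.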