[nycphp-talk] php in securityfocus 218
Tim Gales
tgales at tgaconnect.com
Mon Oct 20 20:44:17 EDT 2003
Chris,
If you're still interested in stuff about SQL injections --
here's a link for you:
http://freshmeat.net/projects/sql_inject/?topic_id=914
Pardon my other post on this -- I thought you were joking
when you suggested you were afraid that you might be
vulnerable from sql masquerading as an e-mail address.
T. Gales & Associates
Helping People Connect with Technology
http://www.tgaconnect.com
-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Chris Snyder
Sent: Tuesday, October 14, 2003 8:47 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] php in securityfocus 218
Analysis & Solutions wrote:
>PHP Prayer Board SQL Injection Vulnerability
>http://www.securityfocus.com/bid/8774
>
I put SQL into my prayers all the time, is this a bad thing?
:-)
In an attempt, um, to redeem this message, what *is* an SQL Injection
Vulnerability? Is the religious use of addslashes() on any request
variables used in a database query enough to prevent it?
For example:
$email = $_GET['email'];
$safeemail = addslashes($email);
$query = "SELECT * FROM supplicants WHERE email='$safeemail'";
Is this safe, or is my site at the mercy of a clever SQL injector?
csnyder
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk
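
The supplicants lookup from the quoted message, rewritten with a bound parameter so the e-mail value never becomes part of the SQL text, whatever quoting or character set is in play. This is an added example, not part of the original thread; the in-memory SQLite database, the sample rows and the helper name find_supplicants() are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). Assumes the pdo_sqlite extension.
// Constructed schema and rows, held in memory so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE supplicants (id INTEGER PRIMARY KEY, email TEXT NOT NULL)");
$db->exec("INSERT INTO supplicants (email)
           VALUES ('alice@example.com'), ('o''brien@example.com')");

/**
 * Hypothetical helper: look up supplicants by e-mail address.
 * The value travels as a bound parameter, separate from the SQL text,
 * so quote characters in it are compared as data and never parsed as SQL.
 */
function find_supplicants(PDO $db, $email): array
{
    // A request such as ?email[]=x arrives as an array; accept strings only.
    if (!is_string($email) || strlen($email) > 254) {
        return [];
    }
    $stmt = $db->prepare('SELECT id, email FROM supplicants WHERE email = :email');
    $stmt->execute([':email' => $email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_GET['email'].
$inputs = [
    'alice@example.com',              // ordinary address
    "o'brien@example.com",            // legitimate value containing a quote
    "alice@example.com' OR '1'='1",   // SQL-looking text, matched literally
    ['not', 'a', 'string'],           // wrong type, rejected before the query
];

foreach ($inputs as $input) {
    $rows  = find_supplicants($db, $input);
    $label = is_string($input) ? $input : '(array)';
    printf("%-32s -> %d row(s)\n", $label, count($rows));
}
```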