[nycphp-talk] php in securityfocus 218
Chris Snyder
csnyder at chxo.com
Tue Oct 21 09:14:30 EDT 2003
That looks like a handy class, thanks Tim.
I was only half-joking -- more trying to shine a flashlight on the
issue. SQL injection vulnerabilities seem to be a problem in a lot of
open source applications, and probably an even bigger problem in the
scripts that we never see.
My understanding was (with MySQL anyway) that you only needed to be
careful with stray quotes, so that an attacker would have no way to
rewrite your query. I never really considered the possibility of
overflows or attack by value of the wrong type, because in my experience
those conditions were either handled gracefully or generated an error,
and I was lazy.
So we can kill this thread: is it safe to say that the three best
practices here are:
1) always check user input to make sure it's the type and size of data
that you expect
2) use mysql_real_escape_string() if possible, or addslashes() to escape
any quotes in the data
3) always encapsulate field values in quotes in your queries
csnyder
Tim Gales wrote:
>Chris,
>
>If you're still interested in stuff about SQL injections --
>here's a link for you:
>
>http://freshmeat.net/projects/sql_inject/?topic_id=914
>
>Pardon my other post on this -- I thought you were joking
>when you suggested you were afraid that you might be
>vulnerable from sql masquerading as an e-mail address.
>
>
>
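The three practices above (check type and size, escape with the driver's escaper, quote every value) as one worked PHP example. This is an added example, not code from the original post or from the sql_inject project. It assumes $link is an open mysql_connect() handle and a table named users with id, name and email columns; those names are assumptions, and the two inputs at the bottom are constructed for the demonstration.

```php
<?php
// Added example (not from the original post). Assumes $link is an open
// mysql_connect() handle and a "users" table with id, name, email columns.

// 1) Check type and size before the value goes anywhere near a query.
function is_acceptable_email($value)
{
    if (!is_string($value)) {
        return false;
    }
    $len = strlen($value);
    if ($len == 0 || $len > 254) {       // size: nothing empty, nothing huge
        return false;
    }
    // shape: exactly one "@", a dotted domain, no whitespace or control bytes
    return (bool) preg_match('/^[^@\s\x00-\x1f]+@[^@\s\x00-\x1f]+\.[A-Za-z0-9-]+$/', $value);
}

// 2) Escape quotes, backslashes, NUL and newlines with the driver's own
//    escaper, which knows the connection's character set (addslashes()
//    does not, which is why the post calls it the fallback).
// 3) Wrap the value in quotes so nothing in it can end the string literal
//    and continue the statement.
function build_user_lookup($email, $link)
{
    if (!is_acceptable_email($email)) {
        return false;                    // reject the input; do not "repair" it
    }
    $safe = mysql_real_escape_string($email, $link);
    return "SELECT id, name FROM users WHERE email = '" . $safe . "'";
}

// The same three steps for a numeric key: a size-bounded digit check means
// "1 OR 1=1" never reaches the query, and the value is still quoted.
function build_user_by_id($id, $link)
{
    if (!preg_match('/^\d{1,10}$/', (string) $id)) {
        return false;
    }
    $safe = mysql_real_escape_string((string) $id, $link);
    return "SELECT id, name FROM users WHERE id = '" . $safe . "'";
}

// Constructed inputs: a legitimate address containing an apostrophe (passes
// step 1, gets escaped in step 2) and a classic injection attempt (fails
// step 1, so it never reaches the escaper or the database).
$legit = "o'brien@example.com";
$evil  = "x' OR '1'='1";

var_dump(build_user_lookup($legit, $link));
var_dump(build_user_lookup($evil, $link));
var_dump(build_user_by_id("1 OR 1=1", $link));
```

The apostrophe address is the case that matters: it is valid input, so step 1 must let it through, and step 2 is what keeps it from ending the quoted literal. On PHP 7 and later the mysql_* functions are gone; the equivalent call is mysqli_real_escape_string($link, $value), with the arguments in the opposite order.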