$database->Execute ("INSERT INTO foo SET baz='".$_POST ['bar']."'");
Filed under Code, Security, Technology, Websecurity & five comments & no trackbacks
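The statement above next to a parameterized version, as an added example that is not part of the original post. It assumes PDO with an in-memory SQLite database and standard INSERT ... VALUES syntax in place of the post's $database wrapper; the input value and both function names are constructed for illustration.

```php
<?php
// Added example. PDO and in-memory SQLite are assumptions; the post uses its
// own $database wrapper and MySQL's INSERT ... SET syntax.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE foo (baz TEXT)');

// Constructed sample input standing in for $_POST['bar'].
$bar = "O'Brien";

// 1. The post's pattern: the value is spliced into the SQL text, so a quote
//    in the data ends the string literal and the rest is parsed as SQL.
function insertConcatenated(PDO $pdo, string $bar): string
{
    $sql = "INSERT INTO foo (baz) VALUES ('" . $bar . "')";
    try {
        $pdo->exec($sql);
        return 'stored';
    } catch (PDOException $e) {
        return 'statement changed by input: ' . $e->getMessage();
    }
}

// 2. Hardened form: the statement is parsed with a placeholder first and the
//    value is bound afterwards, so it can never alter the SQL structure.
function insertPrepared(PDO $pdo, string $bar): string
{
    $stmt = $pdo->prepare('INSERT INTO foo (baz) VALUES (:baz)');
    $stmt->execute([':baz' => $bar]);
    return 'stored';
}

echo insertConcatenated($pdo, $bar), "\n";
echo insertPrepared($pdo, $bar), "\n";

// Only the prepared insert succeeded, and the stored value is the input
// exactly as it was submitted, quote included.
$rows = $pdo->query('SELECT baz FROM foo')->fetchAll(PDO::FETCH_COLUMN);
var_dump($rows === [$bar]);
```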
Scott returns:
published on March 10th 2006, 12:28:10 pm
r00t my SQL!
Lars Strojny reckons:
published on March 10th 2006, 12:33:05 pm
You’re right. Root your SQL ;-)
Chris responses:
published on March 10th 2006, 03:26:41 pm
Where’s the problem? I know people who use the same statements and do a
$_POST['bar'] = mysql_real_escape_string($_POST['bar']);
some lines before. I don’t like those people (way of programming) but still can’t take over their scripts …
Btw: Would you mind deactivating google-analytics? It makes your site almost inaccessible.
Lars Strojny says:
published on March 11th 2006, 03:27:23 pm
Yeah, I know that. But my example above wasn’t meant this way. It was just a possibility for SQL-injections.
What do you mean with Google Analytics? Is it slow?
rokus states:
published on March 12th 2006, 12:56:56 pm
yap :)