Bugtraq mailing list archives
Re: MySQL (was Re: Notice about seconds overroll - S7K bug)
From: Radu Rendec <radu.rendec () ines ro>
Date: Mon, 17 Sep 2001 15:34:48 +0300
On Sun, 16 Sep 2001 16:24:30 -0400 (EDT) Dennis Murphy <dmurphy () nbvb com> wrote:

DM> The way I dealt with this in PHP is by writing a function to validate input
DM> (i.e. make sure there's nothing but an integer coming in as a parameter).
DM> There's probably a half-dozen ways to rewrite this function more efficiently,
DM> but at least it works...

If speed is a concern, there are faster methods to validate GET/POST data.

One is to cast to int in PHP, like:

$query="select * from my_table where id=".((int)$id);

However, there might be a problem if int is internally represented in lower
precision in PHP than it is in SQL.

Another method is to enclose the variable contents in quotes:

$query="select * from my_table where id='".addslashes($id)."'";

--
Radu Constantin Rendec
Web Solutions Manager
iNES Advertising ( http://www.ines.ro )
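The two methods in the reply above, worked through as an added example that is not code from either poster: a strict integer check that also catches the precision problem Radu raises (a value that fits a MySQL BIGINT but not PHP's native int is rejected instead of being silently clamped by the cast), followed by the cast-based and the quoted query builders. The function names (validate_int_param, query_by_int_id, query_by_quoted_id) and the sample inputs are my own; my_table and id come from the message.

```php
<?php
// Added example (not from the thread): validate a GET/POST id before it is
// interpolated into a MySQL query string, the two ways the reply describes.

declare(strict_types=1);

/**
 * Strict integer validation for a request parameter.
 * Returns the integer, or null if the input is not a plain decimal integer
 * that fits in PHP's native int (so a later (int) cast cannot lose precision).
 */
function validate_int_param(string $raw): ?int
{
    // Optional leading minus, then canonical ASCII digits (no leading zeros).
    // This rejects " 12", "12abc", "0x1f", "1e3" and similar strings that a
    // bare (int) cast would otherwise quietly coerce to some number.
    if (preg_match('/^-?(0|[1-9][0-9]*)$/', $raw) !== 1) {
        return null;
    }
    // (int) on a numeric string outside the native range clamps to
    // PHP_INT_MAX / PHP_INT_MIN. Detect that by round-tripping: the cast must
    // reproduce the original text exactly. This is the "lower precision in PHP
    // than in SQL" case from the reply; rejecting it is safer than clamping.
    $value = (int) $raw;
    if ((string) $value !== $raw) {
        return null;
    }
    return $value;
}

/** Method 1 from the reply: build the query from the validated int. */
function query_by_int_id(string $raw): ?string
{
    $id = validate_int_param($raw);
    if ($id === null) {
        return null; // caller should answer with a 4xx, not run a query
    }
    return "select * from my_table where id=" . $id;
}

/**
 * Method 2 from the reply: quote the value and escape it. addslashes() is
 * used because that is what the thread shows; it is not charset-aware, so
 * with a live connection mysqli_real_escape_string() is the better choice.
 */
function query_by_quoted_id(string $raw): string
{
    return "select * from my_table where id='" . addslashes($raw) . "'";
}

// Constructed sample inputs (assumed values, not from the thread) covering a
// normal id, a negative id, non-numeric text, a value beyond the 64-bit int
// range, and a non-canonical spelling with a leading zero.
$samples = ['42', '-7', '42 or 1=1', '9223372036854775808', '007'];
foreach ($samples as $s) {
    printf("%-22s int: %-42s quoted: %s\n",
        var_export($s, true),
        query_by_int_id($s) ?? 'REJECTED',
        query_by_quoted_id($s));
}
```

Run it with `php` on the command line to see which inputs the strict check rejects and what the quoted form produces for the same inputs. In current PHP the value would normally be bound through a prepared statement (mysqli or PDO) rather than interpolated at all; the block keeps to the thread's two string-building methods so that the effect of the added checks is visible.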
Current thread:
- MySQL (was Re: Notice about seconds overroll - S7K bug) Dennis Murphy (Sep 16)
- Re: MySQL (was Re: Notice about seconds overroll - S7K bug) Radu Rendec (Sep 17)
- <Possible follow-ups>
- RE: MySQL (was Re: Notice about seconds overroll - S7K bug) Rowan Kerr (Sep 17)