Bugtraq mailing list archives
Re[2]: PHPNuke SQL Injection / General SQL Injection
From: alias () securityfocus com
Date: 23 Feb 2003 17:42:43 -0000
MightyE,

In response to your mail of Saturday 22 February 2003 at 21:20:29:

M> Actually, user supplied input from $_COOKIES, $_POST, and $_GET
M> comes slash-escaped, so if the user enters
M> ' or 1=1
M> as their input, the sql statement will look like
M> where some_int='\' or 1=1'
M> [..snip..]
M> function escape($input){
M>     if (get_magic_quotes_gpc()) return $input;
M>     return addslashes($input);
M> }
M> [..snip..]

Better still, always do this:

...WHERE id = ". intval($userinput) ." AND...

which doesn't rely on local configuration, magicquotes etc., and
resolves to (e.g.) "id = 0" when the $userinput is bad or missing.

Safe, simple, portable and effective.

--
Best regards,
 James.
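The integer cast recommended in the message above, shown next to the slash-escaping from the quoted mail. This is an added example, not part of the original post; the function names where_id_cast and where_id_escaped and all sample inputs are constructed for illustration.

```php
<?php
// Added illustration; function names and sample inputs are constructed.

// Integer-cast approach from the message: the result is always a decimal
// integer literal, whatever magic_quotes_gpc is set to.
function where_id_cast($userinput): string
{
    // intval() on a non-empty array returns 1, so treat non-scalars
    // (e.g. ?id[]=x) as "bad or missing" and fall back to 0 explicitly.
    $id = is_scalar($userinput) ? intval($userinput) : 0;
    return "WHERE id = " . $id;
}

// Slash-escaping approach from the quoted mail, for comparison.
// Its safety depends on the value staying inside the quotes.
function where_id_escaped($userinput): string
{
    return "WHERE some_int='" . addslashes((string) $userinput) . "'";
}

// Constructed sample inputs: valid id, the input quoted in the thread,
// trailing junk, empty string, missing parameter, array parameter.
$samples = [
    'valid'   => '42',
    'payload' => "' or 1=1",
    'junk'    => '42abc',
    'empty'   => '',
    'missing' => null,
    'array'   => ['x'],
];

foreach ($samples as $label => $value) {
    printf("%-8s cast:    %s\n", $label, where_id_cast($value));
    if (is_scalar($value)) {
        printf("%-8s escaped: %s\n", '', where_id_escaped($value));
    }
}
```

The cast only fits integer columns; string values still need the escaping discussed in the quoted mail.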