Bugtraq mailing list archives

Re[2]: PHPNuke SQL Injection / General SQL Injection


From: alias () securityfocus com
Date: 23 Feb 2003 17:42:43 -0000

MightyE,

In response to your mail of Saturday 22 February 2003 at 21:20:29:

M> Actually, user supplied input from $_COOKIES, $_POST, and $_GET
M> comes slash-escaped, so if the user enters
M> ' or 1=1
M> as their input, the sql statement will look like
M> where some_int='\' or 1=1'
M>       [..snip..]
M> function escape($input){
M>     if (get_magic_quotes_gpc()) return $input;
M>     return addslashes($input);
M> }
M>       [..snip..]


Better still, always do this:

        ...WHERE id = ". intval($userinput) ." AND...

which doesn't rely on local configuration, magicquotes etc., and
resolves to (e.g.) "id = 0" when the $userinput is bad or missing.

Safe, simple, portable and effective.


-- 
Best regards,
James.
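
Added example, not part of the message above or of PHPNuke: the `intval()` cast James describes, next to a stricter variant that rejects bad input instead of mapping it to 0. The table name `stories` and both function names are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added illustration; "stories", query_with_cast() and query_strict() are
// hypothetical names that do not come from the thread.

// The approach from the message: cast before concatenating. intval() keeps a
// leading integer and yields 0 when the string does not start with one, so
// only decimal digits (and a sign) can ever reach the SQL text, regardless
// of the magic_quotes_gpc setting.
function query_with_cast($userinput) {
    return "SELECT title FROM stories WHERE id = " . intval($userinput);
}

// Stricter variant: refuse anything that is not a plain positive integer, so
// a malformed request is reported rather than quietly turned into "id = 0".
function query_strict($userinput) {
    $id = filter_var(
        $userinput,
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1))
    );
    if ($id === false) {
        return null; // caller should return an error and run no query
    }
    return "SELECT title FROM stories WHERE id = " . $id;
}

// Constructed inputs: a valid id, the string quoted in the thread (raw and
// slash-escaped), a number with trailing junk, an empty and a missing value.
$samples = array("42", "' or 1=1", "\\' or 1=1", "42abc", "", null);

foreach ($samples as $in) {
    $strict = query_strict($in);
    printf("input  %s\n", var_export($in, true));
    printf("  cast:   %s\n", query_with_cast($in));
    printf("  strict: %s\n", $strict === null ? "(rejected)" : $strict);
}
```

The cast only covers integer columns; string values still need the database driver's own escaping or bound parameters.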

