Bugtraq mailing list archives

Re: DB_eSession deleteSession() SQL injection


From: interact () interactimpact com
Date: 1 May 2006 22:07:04 -0000

I think the solution below is a better and safer approach.

Replace addslashes() with mysql_real_escape_string():

$_sess_id_set = ( empty($_sess_id_set) ) ? NULL: mysql_real_escape_string($_sess_id_set);
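
One documented difference between the two functions is that addslashes() escapes byte by byte, while mysql_real_escape_string() takes the connection's character set into account. The Python model below is an added illustration, not code from this post or from DB_eSession; the function names and sample bytes are constructed, and rejecting malformed input is a choice of this model, not a statement of how MySQL handles it.

```python
# Added illustration: a simplified model, not PHP's or MySQL's source code.
SPECIAL_BYTES = {0x27: b"\\'", 0x22: b'\\"', 0x5C: b"\\\\", 0x00: b"\\0"}
SPECIAL_CHARS = {"'": "\\'", '"': '\\"', "\\": "\\\\", "\0": "\\0"}

def addslashes_bytes(data: bytes) -> bytes:
    """Byte-wise escaping in the manner of addslashes(): no charset knowledge."""
    return b"".join(SPECIAL_BYTES.get(b, bytes([b])) for b in data)

def escape_charset_aware(data: bytes, charset: str) -> bytes:
    """Escape per character under the given charset; reject malformed input."""
    try:
        text = data.decode(charset)  # strict decoding: bad sequences raise
    except UnicodeDecodeError as exc:
        raise ValueError("input is not valid " + charset) from exc
    return "".join(SPECIAL_CHARS.get(ch, ch) for ch in text).encode(charset)

def has_unescaped_quote(escaped: bytes, charset: str) -> bool:
    """Read escaped bytes as a server using `charset` would tokenize them."""
    chars = escaped.decode(charset, errors="replace")
    i = 0
    while i < len(chars):
        if chars[i] == "\\":
            i += 2  # a backslash consumes the character that follows it
            continue
        if chars[i] == "'":
            return True  # this quote would terminate the string literal
        i += 1
    return False

# Constructed sample inputs (not taken from the advisory or the post).
VALID_GBK = b"\xbf\x5c\x27"  # one GBK character whose trail byte is 0x5C, then a quote
MALFORMED = b"\xbf\x27"      # GBK lead byte followed directly by a quote

def demo() -> dict:
    """Map sample name -> (byte-wise result leaks a quote, charset-aware result)."""
    results = {}
    for name, raw in (("valid", VALID_GBK), ("malformed", MALFORMED)):
        bytewise_leak = has_unescaped_quote(addslashes_bytes(raw), "gbk")
        try:
            aware_leak = has_unescaped_quote(escape_charset_aware(raw, "gbk"), "gbk")
        except ValueError:
            aware_leak = None  # the charset-aware model refused the input
        results[name] = (bytewise_leak, aware_leak)
    return results

if __name__ == "__main__":
    print(demo())
```

In PHP, mysql_real_escape_string() only knows the connection's character set when it was set with mysql_set_charset() rather than with a SET NAMES query.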

