Full Disclosure mailing list archives
Re: Question: is this exploitable?
From: John Sage <jsage () finchhaven com>
Date: Sat, 18 Oct 2003 15:47:38 -0700
heh..

On Sat, Oct 18, 2003 at 07:16:13AM -0700, Randal L. Schwartz wrote:
> "Paulo" == Paulo Pereira <pjp () paulo-pereira net> writes:
>
> Paulo> $sth = $dbh->prepare("insert into projects values(null,\"$project\")");
>
> This clearly should have been:
>
>     my $sth = $dbh->prepare("insert into projects values(null, ?)");
>     $sth->execute($project);
>
> which will Do The Right Thing. Placeholders, people. Placeholders.

Hello, Randal!

How good of you to be here!

- John
--
"Most people don't type their own logfiles; but, what do I care?"
-
John Sage: InfoSec Groupie
-
ABCD, EFGH, IJKL, EmEnOh, Pplus+, Mminus-
-
ATTENTION: this entire message is privileged communication, intended
for the sole use of its recipients only. If you read it even though
you know you aren't supposed to, you're a poopy-head.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
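The difference between the two statements quoted above, as an added example that is not part of the original message or thread: it runs the interpolated form and the placeholder form against a throwaway in-memory database and prints what ends up stored. It assumes DBD::SQLite is installed; the table layout, the `names_after` helper and the three inputs are constructed for illustration, and the interpolated statement uses single quotes rather than the escaped double quotes in the post so that it behaves the same on any SQLite build.

```perl
#!/usr/bin/perl
# Added example: interpolated SQL vs. a DBI placeholder, on a throwaway database.
# Assumes DBD::SQLite is installed; table layout and inputs are constructed.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, PrintError => 0 });

# Hypothetical helper: recreate the table, run $insert with $project,
# and return what is stored afterwards (or the error DBI raised).
sub names_after {
    my ($insert, $project) = @_;
    $dbh->do("drop table if exists projects");
    $dbh->do("create table projects (id integer primary key, name text)");
    # A statement that no longer parses is also a symptom; report it, don't die.
    eval { $insert->($project); 1 } or do { chomp(my $e = $@); return "ERROR: $e" };
    my $names = $dbh->selectcol_arrayref("select name from projects order by id");
    return scalar(@$names) . " row(s): " . join(" | ", @$names);
}

# The pattern from the thread: input pasted into the statement text.
my $interpolated = sub {
    my ($project) = @_;
    my $sth = $dbh->prepare("insert into projects values(null,'$project')");
    $sth->execute;
};

# The fix from the thread: the value travels separately from the statement.
my $placeholder = sub {
    my ($project) = @_;
    my $sth = $dbh->prepare("insert into projects values(null, ?)");
    $sth->execute($project);
};

# Constructed inputs: an ordinary name, a name with apostrophes,
# and a name that closes the literal and supplies a second row.
for my $project ("apollo", "O'Brien's site", "a'),(null,'b") {
    for my $case ([interpolated => $interpolated], [placeholder => $placeholder]) {
        my ($label, $insert) = @$case;
        printf "%-12s input=[%s]\n    %s\n",
            $label, $project, names_after($insert, $project);
    }
}
```

With the placeholder, every input is stored as exactly one row whose name equals the input; with interpolation, the second input fails to parse and the third is stored as two rows the caller never asked for.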
Current thread:
- Question: is this exploitable? Paulo Pereira (Oct 18)
- Re: Question: is this exploitable? Jonathan A. Zdziarski (Oct 18)
- Re: Question: is this exploitable? Jason Dixon (Oct 18)
- Re: Question: is this exploitable? Randal L. Schwartz (Oct 18)
- Re: Question: is this exploitable? John Sage (Oct 18)
- Re: Question: is this exploitable? Codex (Oct 18)
- Re: Question: is this exploitable? Jonathan A. Zdziarski (Oct 18)
- Re: Question: is this exploitable? Paul Tinsley (Oct 18)
- Re: Question: is this exploitable? Jonathan A. Zdziarski (Oct 18)
- Re: Question: is this exploitable? Paul Tinsley (Oct 18)
- Re: Question: is this exploitable? Jonathan A. Zdziarski (Oct 18)
- Re: Question: is this exploitable? Jonathan A. Zdziarski (Oct 18)