Full Disclosure mailing list archives
Re: Question: is this exploitable?
From: "Jonathan A. Zdziarski" <jonathan () nuclearelephant com>
Date: Sat, 18 Oct 2003 21:23:40 -0400
Eh? How does this prevent a sql injection exploit? Placeholders (as was previously suggested) are really the only way to accomplish that.
$query=sprintf("insert into projects values(null,%s)",dbh->quote($project)); $sth = $dbh->prepare($query);
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Question: is this exploitable? Paulo Pereira (Oct 18)
- Re: Question: is this exploitable? Jonathan A. Zdziarski (Oct 18)
- Re: Question: is this exploitable? Jason Dixon (Oct 18)
- Re: Question: is this exploitable? Randal L. Schwartz (Oct 18)
- Re: Question: is this exploitable? John Sage (Oct 18)
- Re: Question: is this exploitable? Codex (Oct 18)
- Re: Question: is this exploitable? Jonathan A. Zdziarski (Oct 18)
- Re: Question: is this exploitable? Paul Tinsley (Oct 18)
- Re: Question: is this exploitable? Jonathan A. Zdziarski (Oct 18)
- Re: Question: is this exploitable? Paul Tinsley (Oct 18)
- Re: Question: is this exploitable? Jonathan A. Zdziarski (Oct 18)
- Re: Question: is this exploitable? Jonathan A. Zdziarski (Oct 18)