Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Question: is this exploitable?

From: "Jonathan A. Zdziarski" <jonathan () nuclearelephant com>
Date: Sat, 18 Oct 2003 21:23:40 -0400
Eh? How does this prevent a sql injection exploit?  Placeholders (as was
previously suggested) are really the only way to accomplish that.


$query=sprintf("insert into projects values(null,%s)",dbh->quote($project));
$sth = $dbh->prepare($query);



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: