WebApp Sec mailing list archives
Re: Anyone have some basic security tips for PHP-programmers?
From: Tommy Gildseth <tommy () akili no>
Date: Sun, 23 Nov 2003 01:10:37 +0100
Härnhammar wrote:
> Quoting tim () xi co nz:
>> From my point of view, magic_quotes is a bad idea, because it can't possibly cover every way data can enter your script, and it's counterproductive when you want to do other things with that data.
>
> I agree.
>
> One more argument against magic quotes is that they provide a false sense of security, by not helping against some common cases of SQL Injections: the ones where you don't need to use any apostrophes or quotes.

Yes, but none of your examples overlap with the piece of code I was commenting on. I.e., the original code doesn't solve any of the problems you have described here. This is also why I further down remark that this kind of filtering is inadequate, and that you should instead rely on functions like is_numeric() and mysql_escape_string() etc. As far as I have experienced, it's not a problem to ignore whether magic quotes is on or not. Just act as if they are not. My point in mentioning magic quotes was that the code shown was essentially duplicating functionality already built into and turned on by default in PHP.
Tommy
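
The case discussed in this message, as an added example that is not code from the thread: quote escaping leaves a value in an unquoted numeric context unchanged, while an is_numeric() check rejects it. It assumes a hypothetical `articles` table with an `id` column, uses addslashes() to stand in for what magic_quotes_gpc did to request data, and only builds query strings without contacting a database.

```php
<?php
// Added example; table and column names are hypothetical, inputs are constructed.

// magic_quotes_gpc applied addslashes()-style escaping to request data:
// it backslash-escapes ', ", \ and NUL, and nothing else.
function magic_quotes_emulated(string $raw): string
{
    return addslashes($raw);
}

// Escaping only: the value lands in an unquoted numeric context,
// so there is no quote for the escaping to neutralise.
function query_escaped_only(string $raw): string
{
    return "SELECT title FROM articles WHERE id = " . magic_quotes_emulated($raw);
}

// Type validation first, as the message recommends with is_numeric().
// is_numeric() also accepts floats and exponents ("1.5", "1e3"),
// so the value is cast to int before it reaches the query text.
function query_validated(string $raw): ?string
{
    if (!is_numeric($raw)) {
        return null; // reject instead of trying to repair the input
    }
    return "SELECT title FROM articles WHERE id = " . (int) $raw;
}

// Constructed sample inputs: a normal id, a quote-free condition,
// and a value containing an apostrophe.
$samples = ["42", "42 OR 1=1", "4'2"];

foreach ($samples as $raw) {
    $validated = query_validated($raw);
    printf("input:        %s\n", $raw);
    printf("escaped only: %s\n", query_escaped_only($raw));
    printf("validated:    %s\n\n", $validated ?? "(rejected, not numeric)");
}
```

The second sample passes through the escaping step byte for byte and changes the WHERE clause, while the validated path rejects both it and the apostrophe case.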