Re: HELP: pesky SQL syntax error using PHP variables — PHP Programming Language

You are here: Re: HELP: pesky SQL syntax error using PHP variables « PHP Programming Language « IT news, forums, messages

Posted by Frankie on 07/14/06 02:00

----- Original Message -----
From: "Robin" <anon@somewhere.com>
Newsgroups: comp.lang.php
Sent: Thursday, July 13, 2006 3:25 AM
Subject: Re: HELP: pesky SQL syntax error using PHP variables

><snip>
>
> You cannot guarantee that this value will only be one of your <option>
> tag values. Posted data is easily forged.

Hmmm.

So you're suggesting all POST data be cleaned, even if it comes from a
select menu which doesn't allow user input? In this case, a bogus POST value
would only cause the query to fail, right? Or could a malicious user gain
access to the server this way?

At the moment, I only clean data that allows direct user input, such as text
fields.

F.H.

Navigation:

Next in forum: Re: HELP: pesky SQL syntax error using PHP variables
Prev in forum: Re: calling a javascript alert from php
Thread view: Re: HELP: pesky SQL syntax error using PHP variables

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация