 Posted by plemon on 01/16/07 18:39 
So you are saying I should have magic quotes turned on? I'm reading up 
more on SQL injection at the moment and still don't understand it at all. 
 
On Dec 1 2006, 8:00 am, Erwin Moller 
<since_humans_read_this_I_am_spammed_too_m...@spamyourself.com> wrote: 
> plemon wrote: 
> > and the server I'm on is locked down like Saddam, so they're not getting 
> > in to do that, and my FTP, yeah sure, they can try to crack it, heh. 
> 
> It is a common mistake to think you are safe if the server is all right. 
> If the programmers on the secure server make mistakes, the server cannot do 
> a thing about it. 
> If your server is military strength, and runs a webserver running PHP 
> without magic_quotes_gpc, it is very easy to use SQL-injection, no matter 
> how 'safe' the server is. 
> Security is no magic. And it starts with programmers taking it seriously. 
> 
> If you do not know what SQL-injection is, chances are you didn't write safe 
> code. 
> 
> Really, I warned you 3 times in this thread, and you still don't listen. 
> So my advice is once again: Do yourself a favor, and make sure you 
> understand what SQL-injection is and how to protect yourself. 
> Google for it, understand it, then program the rest of your site. 
> 
> Regards, 
> Erwin Moller 
> 
> > Erwin Moller wrote: 
> >> so many sites so little time wrote: 
> 
> >> > alright so i deleted the part about you must have made a mistake in 
> >> > using this page 
> >> > and added 
> >> > if (!$r) { 
> >> >     // There was an error 
> >> >     // for simplicity's sake, I'll just print it and exit 
> >> >     exit('Error in query (' . $query . '): ' . mysql_error()); 
> >> > } 
> >> > and as you can see at kirewire.com/pp2/update_site.php 
> >> > all it says now is you must have made a mistake in your query 
> 
> >> > agian the queries are: 
> 
> >> > <snip> 
> >> > // Define the query. 
> >> > $query = "UPDATE home SET header='{$_POST['header']}', 
> 
> >> Did you fix the SQL-injection vulnerability I was warning you about? 
> >> No. 
> >> Reread my post. 
> >> Do yourself a favor and fix it. 
>  
> >> Regards, 
> >> Erwin Moller
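
Added example (not code from this thread or from kirewire.com): the interpolation pattern Erwin is warning about, next to the prepared-statement version of the same update, run against an in-memory SQLite database through PDO so it works without a MySQL server. The table layout (home with id, header, body) and the WHERE id=1 clause are assumptions about what update_site.php does; the attacker's POST values are constructed for the demo.

```php
<?php
// Added example, not code from the thread. Uses PDO with an in-memory SQLite
// database so it runs without MySQL; the table shape (home: id, header, body)
// and the "WHERE id=1" clause are assumptions about the original update_site.php.
declare(strict_types=1);

function makeDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE home (id INTEGER PRIMARY KEY, header TEXT, body TEXT)');
    $pdo->exec("INSERT INTO home (id, header, body) VALUES (1, 'Welcome', 'Hello'), (2, 'Admin notice', 'Internal')");
    return $pdo;
}

// The pattern from the thread: POST data pasted straight into the SQL text.
// Whatever the user types becomes part of the statement.
function buildVulnerableQuery(array $post): string
{
    return "UPDATE home SET header='{$post['header']}', body='{$post['body']}' WHERE id=1";
}

function updateVulnerable(PDO $pdo, array $post): int
{
    return $pdo->exec(buildVulnerableQuery($post));
}

// The fix: a prepared statement. The SQL text is fixed and the values travel
// separately, so a quote in the input can never change the statement's structure.
function updateSafe(PDO $pdo, array $post): int
{
    $stmt = $pdo->prepare('UPDATE home SET header = :header, body = :body WHERE id = 1');
    $stmt->execute([':header' => $post['header'], ':body' => $post['body']]);
    return $stmt->rowCount();
}

function rowsById(PDO $pdo): array
{
    $rows = [];
    foreach ($pdo->query('SELECT id, header, body FROM home ORDER BY id', PDO::FETCH_ASSOC) as $r) {
        $rows[$r['id']] = $r;
    }
    return $rows;
}

// Constructed attacker input for the "header" field: closes the string literal,
// supplies its own WHERE clause, and comments out the rest of the statement.
$malicious = ['header' => "pwned' WHERE id=2 -- ", 'body' => 'ignored'];

$pdo = makeDb();
echo "Query the vulnerable code actually sends:\n  " . buildVulnerableQuery($malicious) . "\n";
updateVulnerable($pdo, $malicious);
$rows = rowsById($pdo);
echo "Vulnerable: row 1 header = {$rows[1]['header']} (untouched)\n";
echo "Vulnerable: row 2 header = {$rows[2]['header']} (attacker chose the row)\n";

$pdo = makeDb();
updateSafe($pdo, $malicious);
$rows = rowsById($pdo);
echo "Safe: row 1 header = {$rows[1]['header']} (stored literally)\n";
echo "Safe: row 2 header = {$rows[2]['header']} (unchanged)\n";
```

Run it with php on a build that has pdo_sqlite. The vulnerable path sends `UPDATE home SET header='pwned' WHERE id=2 -- ', body='ignored' WHERE id=1`: the quote in the POST field ends the string, the attacker's own WHERE picks row 2, and `--` turns the rest of the original statement into a comment, so a form meant to edit row 1 silently rewrites row 2. The prepared statement stores the same input as a literal string in row 1 because the values never become part of the SQL text; against MySQL the PDO or mysqli prepared-statement code has exactly the same shape. magic_quotes_gpc only runs addslashes() over incoming data, which is MySQL-specific, has known bypasses under some multibyte character sets, and was deprecated in PHP 5.3 and removed in 5.4 (the mysql_* functions in the thread were removed in PHP 7.0), so the prepared statement is the thing to learn, not the ini flag.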