Re: _GET['name'] truncates — PHP Programming Language

You are here: Re: _GET['name'] truncates « PHP Programming Language « IT news, forums, messages

Posted by Toby A Inkster on 02/06/07 00:49

Jerry Stuckle wrote:

> http://www.example.com?sql=delete%20from%20orders

Given the sample code posted:

<?php
error_reporting(E_ALL);
$query = $_GET['sql'];
echo $query;
?>

Your query would just print:

delete from orders

Which would not be insecure in the slightest -- after all, the script
doesn't even open a database connection!

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/CSS/Javascript/SQL/Perl/PHP/Python*/Apache/Linux

* = I'm getting there!

Navigation:

Next in forum: Re: include files with similar contents
Prev in forum: Re: Interesting date
Thread view: Re: _GET['name'] truncates

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация