Posted by Dikkie Dik on 06/28/07 21:56
Not when the user name in the cookie is:
 x" or 1=1-- x
 
 (the comment signs are for suppressing errors otherwise caused by the
 closing quote).
 
 Best regards.
 
 jb wrote:
 > Hi all, I've been tasked with reviewing a PHP app for SQL injection
 > vulnerabilities left behind by another developer. I'm not a PHP
 > developer by trade, but I've tinkered with PHP, and I have a firm
 > handle on what SQL injection is in the context of other platforms.
 > I've seen various methods of prevention recommended, and unfortunately
 > for me, our former developer appears to have used all of them in
 > various parts of the app.  Some use mysql_escape_string, some use
 > mysql_real_escape_string, some use a quote_smart function which checks
 > the magic quotes setting and uses addslashes appropriately.
 >
 > But one has me a little confused, and I'm not sure if it is a valid
 > method for blocking SQL injection.
 >
 > where username = \"" . $_COOKIE["user"] . "\"";
 >
 > does wrapping the string in double quotes somehow tell mysql to treat
 > the contents within as literal? Thus making it sql injection safe?
 >
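As an added example (not code from this thread or from the application under review), the following Python script reproduces the construct being discussed so a reviewer can see why double quotes do not make it safe. SQLite stands in for MySQL, because in this position both read double-quoted text as an ordinary string literal (SQLite via its legacy double-quoted-string fallback, which the script switches on explicitly where the API exposes it); the table, rows and column names are constructed for the demo.

```python
import sqlite3

# Constructed sample rows standing in for the application's user table.
USERS = [("alice", "a-secret"), ("bob", "b-secret")]


def open_db():
    """Create an in-memory database seeded with the sample users."""
    conn = sqlite3.connect(":memory:")
    # MySQL treats "..." as a string delimiter (unless ANSI_QUOTES is set).
    # SQLite only does so through its legacy fallback, so enable it where
    # Python 3.12+ and SQLite >= 3.29 expose the switch; older builds have
    # the fallback on by default.
    dqs_flag = getattr(sqlite3, "SQLITE_DBCONFIG_DQS_DML", None)
    if dqs_flag is not None and hasattr(conn, "setconfig"):
        conn.setconfig(dqs_flag, True)
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_concatenated(conn, cookie_user):
    """Mirror the reviewed PHP: ... where username = "<cookie value>".

    The quotes are just delimiters; a quote inside cookie_user ends the
    literal and whatever follows is parsed as SQL.
    """
    sql = ('SELECT username FROM users WHERE username = "'
           + cookie_user + '" ORDER BY username')
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, cookie_user):
    """The fix: bind the value; it never becomes part of the SQL text."""
    sql = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(sql, (cookie_user,))]


if __name__ == "__main__":
    db = open_db()
    hostile = 'x" or 1=1-- x'   # the cookie value from the reply above
    print("concatenated, normal user :", lookup_concatenated(db, "alice"))
    print("concatenated, hostile     :", lookup_concatenated(db, hostile))
    print("parameterized, hostile    :", lookup_parameterized(db, hostile))
```

With the concatenated query the hostile cookie value matches every user, while the parameterized query matches none.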