|
|
Posted by Jerry Stuckle on 06/28/07 22:13
jb wrote:
> Hi all, ive been tasked with reviewing a php app for sql injection
> vulnerabilities left behind by another developer. I'm not a php
> developer by trade, but ive tinkered with php, and I have a firm
> handle on what sql injection is in the context of other platforms.
> Ive seen various methods of prevention recommended, and unfortunately
> for me, our former developer appears to have used all of them in
> various parts of the app. Some use mysql_escape_string, some use
> myql_real_escape_string , some use a quote_smart function which checks
> the magic quotes setting and uses addslashes appropriately.
>
> But one has me a little confused, and i'm not sure if it is a valid
> method for blocking sql injection.
>
> where username = \"" . $_COOKIE["user"] . "\"";
>
> does wrapping the string in double quotes somehow tell mysql to treat
> the contents within as literal? Thus making it sql injection safe?
>
No, this is not injection safe.
And sql injection can be very insidious. I highly recommend you get an
experienced PHP person to help you with it. Especially since your
developer wasn't consistent in how he handled the possible injections.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|