Re: Question re: sql injection — PHP Programming Language

You are here: Re: Question re: sql injection « PHP Programming Language « IT news, forums, messages

Posted by Malcolm Dew-Jones on 06/28/07 23:36

jb (jbriere@gmail.com) wrote:
: Hi all, ive been tasked with reviewing a php app for sql injection
: vulnerabilities left behind by another developer.

Use bind variables, Some oracle examples to illustrate how

(old link, is this still around?)

http://www.oracle.com/ technology/ pub/ articles/
oracle_php_cookbook/ ullman_bindings.html

You're using mysql so use either of the following interfaces

1) mysql via mysqli (look for "bind")

http://ca.php.net/mysqli

2) mysql without mysqli

<quote>
Andy Hassall
Sep 6, 2:28 pm
...
I recommend using the ADOdb library
(http://adodb.sourceforge.net/).
</quote>

Navigation:

Next in forum: Is Php built in function ' imagecreate()' compatible in Php version 5.2.2 ?
Prev in forum: Re: Question re: sql injection
Thread view: Re: Question re: sql injection

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация