Posted by J2be on 01/15/06 10:00
"Charlie King" <charlie@removethisitsaspamtrap.stopthatitssilly.com> wrote
in message news:5ofis1h3k8qt3rhkd86srotmd0j96tdmnn@4ax.com...
> On Sat, 14 Jan 2006 18:21:43 +0100, in
> <43c932fe$0$1066$4fafbaef@reader2.news.tin.it> (alt.comp.lang.php)
> "J2be" <info@nospamj2be.com> wrote:
>
>> in the features you can add
>> - Several Sql Injections
>
> Not the most constructive of your criticisms - how would you suggest
> to avoid SQL Injection attacks?
>
ehr ?!?!? ....
Never heard about Sarcasm?!?
And let me say that his post seems to me normal spam even if it's a GPLed script!
It's quite useless to post several times posts about own scripts or the whole newsgroup will be submerged by tons of announcements of script releases.
In this particular case the script has basic errors and there's no need to explain how to avoid SQL injection because there are tons of tutorials and there's only 1 thing to do to avoid them: mysql_real_escape_string() or intval() (for integer values it's the best thing).
addslashes() and stripslashes() are USELESS to avoid SQL injections but there are still tons of persons that are using them without knowing what's going on!!
Limiting the size of strings doesn't give any kind of benefit, and 8 should be by default (imho) the MINIMUM number of characters to be used for a password.
Logins with few characters can be guessed with simple brute force attacks.
There's no need to truncate strings if you write decent code with a little bit of brain ...... just a mysql_real_escape_string() for the strings that you put in the SQL queries.
Nothing to say about error logging.
.... But .. hey you've not explained a thing and you are yelling about constructive things?!?!?
You've suggested random things with errors and they are not going to help the persons to understand to NOT SPAM and use a search engine to understand what we are talking about!
In the end I suppose that the person that has posted the initial message also doesn't care about the newsgroup and doesn't give a fuck about what we say!
Next time please waste less time into writing crap and paste a link related to SQL injections if you are really worried about that thing!
NOTE: Please don't continue this thread as a flame because there's nothing more to say!!!!!!
--
----
Leonardo Armando Iarrusso - J2Be
www: http://www.J2be.com - e-mail: info[at]J2Be.com
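The pattern the post recommends (intval() for integers, a connection-aware escaper for strings, a minimum password length of 8), written out as an added example that is not from the thread or from the script under discussion. It assumes a `users` table, a mysqli connection and a login form (all made-up names); ext/mysql and its mysql_real_escape_string() were removed in PHP 7.0, so the mysqli equivalent is used, and the addslashes() variant is kept only for contrast.

```php
<?php
// Added example, not code from the original post. Assumed schema:
// users(id, username, password_hash); assumed connection details below.

const MIN_PASSWORD_LENGTH = 8; // the minimum the post argues for

function validate_password(string $password): bool
{
    return strlen($password) >= MIN_PASSWORD_LENGTH;
}

// Integer parameter: intval() reduces whatever was submitted to a plain
// integer, so no user-controlled text ever reaches the SQL string.
function user_by_id_query($id): string
{
    return 'SELECT id, username FROM users WHERE id = ' . intval($id);
}

// String parameter: escape with the escaper that knows the connection's
// charset, then quote the result. This is why it needs the $db handle.
function user_by_name_query(mysqli $db, string $username): string
{
    $safe = mysqli_real_escape_string($db, $username);
    return "SELECT id, username FROM users WHERE username = '$safe'";
}

// Weak variant kept only for contrast: addslashes() is charset-unaware and
// knows nothing about the connection, which is what the post warns about.
function user_by_name_query_weak(string $username): string
{
    $notsafe = addslashes($username);
    return "SELECT id, username FROM users WHERE username = '$notsafe'";
}

$db = mysqli_connect('localhost', 'app_user', 'app_password', 'appdb');
if ($db === false) {
    die('connection failed: ' . mysqli_connect_error());
}
// Escaping is only correct for the charset the connection actually uses,
// so declare it explicitly instead of relying on server defaults.
mysqli_set_charset($db, 'utf8mb4');

$input_name = $_POST['username'] ?? '';
$input_pass = $_POST['password'] ?? '';
if (!validate_password($input_pass)) {
    die('password must be at least ' . MIN_PASSWORD_LENGTH . ' characters');
}
$result = mysqli_query($db, user_by_name_query($db, $input_name));
```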