Re: [PHP] select statement — PHP — IT news, forums, messages

You are here: Re: [PHP] select statement « PHP « IT news, forums, messages

Posted by Josip Dzolonga on 10/19/58 11:16

On нед, 2005-05-08 at 23:16 +0200, Andy Pieters wrote:
> Notes:
> * just because it comes from SESSION doesn't mean that it cannot be spoofed.
> That's why you should escape uname before including it in a query.

Is there something I do not know ? :). As far as I know, it can be
spoofed only if you have access to session data, which is held on the
server-side, so only someone with server access can spoof. Any other way
of doing it ?

Josip Dzolonga
http://josip.dotgeek.org

Navigation:

Next in forum: Re: [PHP] API Number
Prev in forum: Re: [PHP] Sending htm as it's being generated
Thread view: Re: [PHP] select statement

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация