|
Posted by Andy Hassall on 01/19/06 22:33
On 19 Jan 2006 20:17:02 GMT, Pedro Graca <hexkid@dodgeit.com> wrote:
> $sql = "update user_table set validated=1 where code='{$_GET['code']}'";
I'm sure you know better than to do this :-) SQL injection ahoy - remember to
escape appropriately, or use a library that implements (or at least emulates)
placeholders.
This is actually quite a good demonstration of SQL injection risks; you could
call the script as:
validate.php?code='+or+'a'%3d'a
... and it'll set validated=1 without the right code, as you end up with the
SQL as:
update user_table set validated=1 where code='' or 'a'='a'
--
Andy Hassall :: andy@andyh.co.uk :: http://www.andyh.co.uk
http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool
Navigation:
[Reply to this message]
|