Posted by Chung Leong on 08/22/06 18:08
Ignoramus20689 wrote:
> I am not a PHP expert (I do mod_perl), but it would seem that this
> code is likely to be a good candidate for SQL injection attack. Is
> that the case? If so, I would write to them.
That's definitely a SQL injection vulnerability, as the code is
written for PHP3, where there is no register_globals option (i.e. it's
always on). Whether it can be exploited is another matter. I don't
think you can execute multiple statements through mysql_query().