Posted by plemon on 01/16/07 18:39
so you are saying I should have magic quotes turned on? I'm reading up
more on SQL injection at the moment; still don't understand it at all.
On Dec 1 2006, 8:00 am, Erwin Moller
<since_humans_read_this_I_am_spammed_too_m...@spamyourself.com> wrote:
> plemon wrote:
> > and the server I'm on is locked down like Saddam so they're not getting
> > in to do that and my ftp yeah sure they can try to crack it heh
> It is a common mistake to think you are safe if the server is all right.
> If the programmers on the secure server make mistakes, the server cannot do
> a thing about it.
> If your server is military strength, and runs a webserver running PHP
> without magic_quotes_gpc, it is very easy to use SQL-injection, no matter
> how 'safe' the server is.
> Security is no magic. And it starts with programmers taking it seriously.
>
> If you do not know what SQL-injection is, chances are you didn't write safe
> code.
>
> Really, I warned you 3 times in this thread, and you still don't listen.
> So my advice is once again: Do yourself a favor, and make sure you
> understand what SQL-injection is and how to protect yourself.
> Google for it, understand it, then program the rest of your site.
>
> Regards,
> Erwin Moller
>
> > Erwin Moller wrote:
> >> so many sites so little time wrote:
>
> >> > alright so i deleted the part about you must have made a mistake in
> >> > using this page
> >> > and added
> >> > if (!$r) {
> >> > // There was an error
> >> > // for simplicity's sake, I'll just print it and exit
> >> > exit('Error in query (' . $query . '): ' . mysql_error());
> >> > }
> >> > and as you can see at kirewire.com/pp2/update_site.php
> >> > all it says now is you must have made a mistake in your query
>
> >> > again the queries are:
>
> >> > <snip>
> >> > // Define the query.
> >> > $query = "UPDATE home SET header='{$_POST['header']}',
>
> >> Did you fix the SQL-injection vulnerability I was warning you about?
> >> No.
> >> Reread my post.
> >> Do yourself a favor and fix it.
>
> >> Regards,
> >> Erwin Moller
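The point Erwin keeps returning to is that `$query = "UPDATE home SET header='{$_POST['header']}'"` pastes a user-controlled string into the SQL text, so any quote character in the input changes the statement itself, whether or not `magic_quotes_gpc` happens to be on. The following is an added example, not code from the thread or from kirewire.com: it puts that string-building pattern beside the same update written as a prepared statement, which keeps the SQL fixed and sends the value separately. The table and column names (`home`, `header`) are taken from the quoted post; the connection parameters and the sample input are placeholders constructed for the example.

```php
<?php
// Added example (not from the thread). Shows the UPDATE pattern under
// discussion built by string interpolation, beside the same update as a
// prepared statement. "home"/"header" are from the quoted post; the
// connection parameters below are placeholders.

// Constructed input standing in for a submitted form field. A perfectly
// legitimate apostrophe is enough to break the interpolated version.
$submitted = ["header" => "O'Brien's weekly update"];

// 1. The pattern from the post: the value becomes part of the SQL text,
//    so its quote characters are parsed as SQL, not as data.
function buildUpdateUnsafe(array $post): string
{
    return "UPDATE home SET header='{$post['header']}'";
}

// 2. Prepared statement: the statement text is fixed at prepare time and
//    the value is bound afterwards, so it can never alter the query,
//    regardless of the magic_quotes_gpc setting.
function updateHeaderSafe(mysqli $db, string $header): bool
{
    $stmt = $db->prepare("UPDATE home SET header = ?");
    if ($stmt === false) {
        // Report the failure the way the quoted post does, via the
        // driver's own error text, but let the caller decide what to do.
        throw new RuntimeException('Prepare failed: ' . $db->error);
    }
    $stmt->bind_param("s", $header);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Print the interpolated statement so the broken quoting is visible:
// the apostrophe in the input closes the string literal early.
echo buildUpdateUnsafe($submitted), PHP_EOL;

// Run the safe version against a database (placeholder credentials).
$db = new mysqli("db.example", "user", "password", "site");
if ($db->connect_error) {
    exit("Connect failed: " . $db->connect_error);
}
if (updateHeaderSafe($db, $submitted["header"])) {
    echo "header updated", PHP_EOL;
}
$db->close();
```

The interpolated statement fails as a syntax error on ordinary text containing an apostrophe; that same mechanism is what lets crafted input rewrite the query, which is the risk Erwin describes. The prepared statement handles the apostrophe as data, and the fix does not depend on any server-side quoting setting.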