Reply to Question re: sql injection


Posted by jb on 06/28/07 21:28

Hi all, I've been tasked with reviewing a PHP app for SQL injection
vulnerabilities left behind by another developer. I'm not a PHP
developer by trade, but I've tinkered with PHP, and I have a firm
handle on what SQL injection is in the context of other platforms.
I've seen various methods of prevention recommended, and unfortunately
for me, our former developer appears to have used all of them in
various parts of the app. Some use mysql_escape_string, some use
mysql_real_escape_string, some use a quote_smart function which checks
the magic quotes setting and uses addslashes appropriately.

But one has me a little confused, and I'm not sure if it is a valid
method for blocking SQL injection.

where username = \"" . $_COOKIE["user"] . "\"";

Does wrapping the string in double quotes somehow tell MySQL to treat
the contents within as literal, thus making it SQL injection safe?

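As an added illustration that is not part of the original post: the quoted-cookie pattern from the question beside two defensive rewrites in PHP using PDO. The DSN, credentials and the users table are assumptions, not anything from the app under review.

```php
<?php
// Added example (not from the original post). Assumes a MySQL database
// reachable via the placeholder DSN/credentials below and a table
// users(id INT, username VARCHAR(64)).
declare(strict_types=1);

$pdo = new PDO(
    'mysql:host=localhost;dbname=appdb;charset=utf8mb4', // placeholder DSN
    'app_user',                                          // placeholder user
    'app_password',                                      // placeholder password
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
     PDO::ATTR_EMULATE_PREPARES => false]                // server-side prepares
);

// 1. The pattern from the post. In MySQL's default sql_mode the double
//    quotes merely delimit a string literal; they do not neutralise what
//    is inside it. A '"' or '\' in the cookie value still reaches the SQL
//    parser as part of the statement, so this is not injection-safe.
//    (With ANSI_QUOTES enabled, "..." is an identifier and the query breaks.)
function lookupUnsafe(PDO $pdo, string $cookieUser): ?array
{
    $sql = 'SELECT id, username FROM users WHERE username = "' . $cookieUser . '"';
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 2. Escaping: PDO::quote() applies the driver's escaping for the
//    connection's character set and adds the surrounding quotes itself.
//    This is only as good as its coverage: one interpolation that skips
//    it reintroduces the problem, which is the review burden the post describes.
function lookupEscaped(PDO $pdo, string $cookieUser): ?array
{
    $sql = 'SELECT id, username FROM users WHERE username = ' . $pdo->quote($cookieUser);
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 3. Parameterised query: the SQL text is sent separately from the value,
//    so the value is never parsed as SQL, whatever quote characters it holds.
function lookupPrepared(PDO $pdo, string $cookieUser): ?array
{
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $cookieUser]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$user = $_COOKIE['user'] ?? '';
var_dump(lookupPrepared($pdo, $user));
```

When reviewing, grep for every `$_COOKIE`, `$_GET` and `$_POST` read that is concatenated into SQL; only the prepared-statement form (3) is safe by construction regardless of the quoting style around it.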

