Reply to Re: Question re: sql injection — PHP Programming Language

Posted by Jerry Stuckle on 06/28/07 22:40

Malcolm Dew-Jones wrote:
> jb (jbriere@gmail.com) wrote:
> : Hi all, ive been tasked with reviewing a php app for sql injection
> : vulnerabilities left behind by another developer.
>
> Use bind variables, Some oracle examples to illustrate how
>
> (old link, is this still around?)
>
> http://www.oracle.com/ technology/ pub/ articles/
> oracle_php_cookbook/ ullman_bindings.html
>
>
> You're using mysql so use either of the following interfaces
>
> 1) mysql via mysqli (look for "bind")
>
> http://ca.php.net/mysqli
>
>
> 2) mysql without mysqli
>
> <quote>
> Andy Hassall
> Sep 6, 2:28 pm
> ...
> I recommend using the ADOdb library
> (http://adodb.sourceforge.net/).
> </quote>
>
>

Bind variables are not necessary is you use mysql_real_escape_string and
otherwise validate your data (i.e. a numeric value is truly numeric).

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация