Posted by yawnmoth on 08/22/07 21:37

Say I have the following in a PHP script of mine:

$sr=ldap_search($ds, "", "(& (sn=$_GET[lastname]) (givenName=
$_GET[firstname]*))");

If $_GET[lastname] contains a ), an attacker could escape out of the
first part of the LDAP query and perform ldap injection, as it were
(not sure what can be done with ldap injection, though).

My question is... how do I prevent this? Would I escape ) with \)?
Would there be other characters I'd need to escape, as well?

Is there a more appropriate newsgroup for questions like this?

[Back to original message]