| From: | Alfred Perlstein <bright(at)wintelcom(dot)net> |
|---|---|
| To: | Rikul Patel <rikul7(at)yahoo(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org, null(at)acm(dot)org |
| Subject: | Re: Limit on number of queries from CGI or PHP (security) |
| Date: | 2000-10-17 08:28:04 |
| Message-ID: | 20001017012804.S272@fw.wintelcom.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
* Rikul Patel <rikul7(at)yahoo(dot)com> [001017 01:07] wrote:
> Hi,
>
> Is there any way I can restrict number of queries to
> only one? Here's the problem:
>
> If PHP script gets some data as input from user, and
> PHP scripts tries to put this data into Postgresql,
> what's keeping the user to modify the data in way to
> have postgresql execute two queries.
>
> So instead of some PHP script generating query like
> "select * from table where text='some text' or id=1",
> some malicious user could make it generate "select *
> from table where text='some text' or id=1;delete from
> table"
see php's addslashes() function.
--
-Alfred Perlstein - [bright(at)wintelcom(dot)net|alfred(at)freebsd(dot)org]
"I have the heart of a child; I keep it in a jar on my desk."
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Victor Ivanov | 2000-10-17 10:27:13 | C function and NULL result |
| Previous Message | Colin Taylor | 2000-10-17 08:14:03 | Getting DateStyle Using C++ Library |