On 2006-04-04 19:35:10 +0200 (Tue, Apr), Pawel Bernat wrote:
> On Mon, Apr 03, 2006 at 10:01:23PM +0200, Mariusz Pękala wrote:
> > Telnet is not the best tool for binary protocols.
> > You may try netcat (nc), but anyway - this test is not significant
> > here.
> It doesn't matter here.
Okay, you're saying my English isn't perfect? :-)
> > Don't let untrusted parameters go into the query. Someone may call
> > your page like this:
> > http://example.com/add-entry.php?Email=a'); delete from Addresses; --
> Nothing wrong will happen.
Unless I really overlooked something, I would humbly disagree.
1) It is possible to put a few sql requests in one string.
2) Relying on 'magic_quotes_gpc' and *possible* addslashes() is a bad thing,
So, where is my mistake?
No virus found in this outgoing message.
Checked by "grep -i virus $MESSAGE"
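
The disagreement in the message above, as an added example that is not part of the original mail: the `Email` value from the quoted URL is fed to a string-built INSERT and to a bound-parameter INSERT. Python's in-memory `sqlite3` stands in for the PHP/PostgreSQL setup so it runs without a server; the one-column `Addresses` schema, the sample rows and the function names are assumptions.

```python
import sqlite3

# Value of the Email parameter from the URL quoted in the message above.
PAYLOAD = "a'); delete from Addresses; --"

def fresh_db():
    """In-memory table holding two constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Addresses (Email TEXT)")  # assumed schema
    db.executemany("INSERT INTO Addresses (Email) VALUES (?)",
                   [("alice@example.com",), ("bob@example.com",)])
    db.commit()
    return db

def add_entry_concatenated(db, email):
    """Vulnerable pattern: the request parameter is pasted into the SQL text."""
    sql = "INSERT INTO Addresses (Email) VALUES ('" + email + "')"
    # executescript() accepts several ';'-separated statements in one string,
    # the behaviour point 1 of the message refers to.
    db.executescript(sql)

def add_entry_bound(db, email):
    """Hardened pattern: the SQL text is constant, the value travels separately."""
    db.execute("INSERT INTO Addresses (Email) VALUES (?)", (email,))
    db.commit()

def emails(db):
    """Current table contents in insertion order."""
    return [row[0] for row in
            db.execute("SELECT Email FROM Addresses ORDER BY rowid")]

def run_demo():
    """Apply the same input to both patterns and return both tables."""
    vulnerable, hardened = fresh_db(), fresh_db()
    add_entry_concatenated(vulnerable, PAYLOAD)
    add_entry_bound(hardened, PAYLOAD)
    return emails(vulnerable), emails(hardened)

if __name__ == "__main__":
    after_concat, after_bound = run_demo()
    print("concatenated:", after_concat)  # existing rows are gone
    print("bound:       ", after_bound)   # input stored as plain data
```

In PHP against PostgreSQL, `pg_query_params()` is the call that sends the value separately from the SQL text.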