Re: Unable to connect to PostgreSQL Server: Permission denied

From: Mariusz Pękala <skoot(at)qi(dot)pl>
To: pgsql-php(at)postgresql(dot)org
Subject: Re: Unable to connect to PostgreSQL Server: Permission denied
Date: 2006-04-04 21:26:32
Message-ID: 20060404212632.GA9480@cthulhu.sdi.tpnet.pl
Lists: pgsql-php

On 2006-04-04 19:35:10 +0200 (Tue, Apr), Pawel Bernat wrote:
> On Mon, Apr 03, 2006 at 10:01:23PM +0200, Mariusz Pękala wrote:
> > Telnet is not the best tool for binary protocols.
> > You may try netcat (nc), but anyway - this test is not significant
> > here.
> It doesn't matter here.

Okay, you're saying my English isn't perfect? :-)

> > Don't let untrusted parameters go into the query. Someone may call
> > your page like this:
> > http://example.com/add-entry.php?Email=a'); delete from Addresses; --
> Nothing wrong will happen.

Why?
Unless I really overlooked something, I would humbly disagree.

1) It is possible to put a few SQL requests in one string.

2) Relying on 'magic_quotes_gpc' and *possible* addslashes() is a bad thing,
IMHO.

So, where is my mistake?

--
No virus found in this outgoing message.
Checked by "grep -i virus $MESSAGE"
Trust me.
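
The disagreement above, as an added PHP example that is not part of the original message: the query text an assumed `add-entry.php` would build from the quoted URL, next to a parameterized insert. Only the `Addresses` table name and the URL value come from the message; the `Email` column, the INSERT shape and the `PG_DSN` environment variable are assumptions.

```php
<?php
// Added example. Assumed schema: Addresses(Email text). The INSERT shape is a
// guess at what add-entry.php runs, since the thread does not show it.

// Before: the request value is pasted into the SQL text.
function build_insert_unsafe(string $email): string
{
    return "INSERT INTO Addresses (Email) VALUES ('" . $email . "')";
}

// After: the SQL text is constant and the value travels as a bound parameter.
// pg_query_params() also accepts only a single statement per call.
function insert_safe($conn, string $email)
{
    return pg_query_params(
        $conn,
        'INSERT INTO Addresses (Email) VALUES ($1)',
        [$email]
    );
}

// Value of $_GET['Email'] for the URL quoted in the message.
$email = "a'); delete from Addresses; --";

// What pg_query() would be handed: an INSERT, then a DELETE, then a comment.
echo build_insert_unsafe($email), PHP_EOL;

// addslashes() (what magic_quotes_gpc applied) writes \' rather than the
// doubled '' of standard SQL, so its effect depends on how the server
// treats backslashes inside string literals.
echo build_insert_unsafe(addslashes($email)), PHP_EOL;

// Runs only when a test database is configured (PG_DSN is an assumed name).
$dsn = getenv('PG_DSN');
if ($dsn !== false && function_exists('pg_connect')) {
    $conn = pg_connect($dsn);
    if ($conn === false) {
        exit("connection failed\n");
    }
    if (insert_safe($conn, $email) === false) {
        exit(pg_last_error($conn) . "\n");
    }
    // The whole string is stored as one Email value; count the rows holding it.
    $res = pg_query_params($conn, 'SELECT count(*) FROM Addresses WHERE Email = $1', [$email]);
    echo 'rows holding the literal string: ', pg_fetch_result($res, 0, 0), PHP_EOL;
}
```

Without `PG_DSN` set the script only prints the two query strings, which is enough to compare the concatenated form with the escaped one.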
