On 2006-04-04 19:35:10 +0200 (Tue, Apr), Pawel Bernat wrote:
> On Mon, Apr 03, 2006 at 10:01:23PM +0200, Mariusz Pękala wrote:
> > Telnet is not the best tool for binary protocols.
> > You may try netcat (nc), but anyway - this test is not significant
> > here.
> It doesn't matter here.

Okay, you're saying my English isn't perfect? :-)

> > Don't let untrusted parameters go into the query. Someone may call
> > your page like this:
> > http://example.com/add-entry.php?Email=a'); delete from Addresses; --
> Nothing wrong will happen.

Why? Unless I really overlooked something, I would humbly disagree.

1) It is possible to put a few SQL requests in one string.
2) Relying on 'magic_quotes_gpc' and *possible* addslashes() is a bad thing, IMHO.

So, where is my mistake?

--
No virus found in this outgoing message.
Checked by "grep -i virus $MESSAGE"
Trust me.
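The thread's point about not letting the Email parameter reach the query as SQL text, shown as an added example that is not from either poster: the concatenation pattern is built only as a string so the second statement it carries is visible, while the hardened `add_entry` binds the value as a parameter so the same input is stored as a plain email string. The table name, the in-memory SQLite database and the sample rows are assumptions constructed for the demonstration.

```python
import sqlite3

# Constructed input mirroring the query string quoted in the thread.
HOSTILE_EMAIL = "a'); delete from Addresses; --"


def make_db():
    """In-memory table standing in for the Addresses table of add-entry.php."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Addresses (Email TEXT)")
    conn.execute("INSERT INTO Addresses VALUES ('existing@example.com')")
    conn.commit()
    return conn


def build_query_by_concatenation(email):
    """The pattern the thread warns against: the untrusted parameter is
    spliced into the SQL text, so a quote in it ends the literal and
    whatever follows becomes part of the statement list. Built as a
    string only, never executed here."""
    return "insert into Addresses (Email) values ('" + email + "');"


def add_entry(conn, email):
    """Hardened form: the driver binds the value as data, so it cannot
    terminate the literal or add statements, and nothing depends on
    magic_quotes_gpc or addslashes() having run first. Returns the row
    count after the insert."""
    conn.execute("INSERT INTO Addresses (Email) VALUES (?)", (email,))
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM Addresses").fetchone()[0]


def rows(conn):
    """Stored emails in insertion order, to check nothing was deleted."""
    return [r[0] for r in conn.execute("SELECT Email FROM Addresses ORDER BY rowid")]


if __name__ == "__main__":
    print(build_query_by_concatenation(HOSTILE_EMAIL))
    db = make_db()
    print(add_entry(db, HOSTILE_EMAIL), rows(db))
```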