Mailit, LLC wrote:
$userName = $_POST[userName];
$passw = $_POST[passw];
(...)
$cmd = "SELECT * FROM theTable "
. "WHERE userName='$userName' ";
$res = mysql_query( $cmd ) or die( "Password search failed." );
Without validating userName in $_POST, that code is vulnerable
to SQL injection, for example if userName starts with a single quote...
See the PHP Security Guide on 'SQL Injection'
http://phpsec.org/projects/guide/3.html#3.2
$passe = crypt( $passw, $rec[ePass] );
if( $passe == $rec[ePass] )
It seems that the above vulnerability can't be exploited,
but I think it's better to be aware of it.
Christophe
--
PHP General Mailing List (http://www.php.net/)
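
The lookup quoted in the message above, rewritten with a bound parameter, as an added example that is not part of the original thread or either poster's code. It assumes PHP 7.1+ with the pdo_sqlite extension; the in-memory table, the sample row, and the function names interpolatedQuery() and checkLogin() are constructed for illustration, while theTable, userName and ePass are taken from the quoted code.

```php
<?php
// Added example: assumes the pdo_sqlite extension. The in-memory table and
// its single row are constructed sample data, not from the original post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE theTable (userName TEXT PRIMARY KEY, ePass TEXT)");
$ins = $db->prepare("INSERT INTO theTable (userName, ePass) VALUES (?, ?)");
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// What the quoted code builds: the input is pasted into the SQL text,
// so a quote character in userName changes the statement itself.
function interpolatedQuery(string $userName): string
{
    return "SELECT * FROM theTable WHERE userName='$userName' ";
}

// Bound-parameter version: the SQL text is fixed and userName travels
// separately as data, whatever characters it contains.
function checkLogin(PDO $db, $userName, $passw): bool
{
    if (!is_string($userName) || !is_string($passw)) {
        return false; // rejects array-valued POST fields such as userName[]=x
    }
    $st = $db->prepare("SELECT ePass FROM theTable WHERE userName = ?");
    $st->execute([$userName]);
    $rec = $st->fetch(PDO::FETCH_ASSOC);
    if ($rec === false) {
        return false; // unknown user
    }
    // password_verify() also accepts crypt() hashes and compares in
    // constant time, replacing the crypt() + == check in the quoted code.
    return password_verify($passw, $rec['ePass']);
}

// Constructed inputs: a valid login, a bad password, and a user name
// with the leading single quote mentioned in the reply.
$tests = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["'alice", 'correct horse'],
];
foreach ($tests as [$u, $p]) {
    printf("interpolated SQL : %s\n", interpolatedQuery($u));
    printf("bound-param login: %s\n\n", checkLogin($db, $u, $p) ? 'accepted' : 'rejected');
}
```

For the third input the interpolated string contains an unbalanced quote, while the bound-parameter lookup simply finds no such user and rejects the login.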