Rafael wrote:
A typical example would be a login script that uses the data
as it arrives, for example:
<?php
// Raw request values taken straight from $_POST, with no validation or escaping
$login = $_POST['login'];
$passw = $_POST['passw'];
// User input is interpolated directly into the SQL text: this is the injection point
$sql = "SELECT * FROM user\n"
     ."WHERE( login = '$login' AND passw = '$passw' )";
In this case, what happens if I send something like
login: ' OR '1'='1' OR '0
passw: doesnt care
? (I avoided the ' in the passw, just in case)
Well, we'll end up with an SQL similar to this
SELECT * FROM user
WHERE( login = '' OR '1'='1' OR '0' AND passw = 'doesnt care' )
and because of the priority of the AND / OR, we would have 3
separate conditions, each enough to validate the user; as '1'='1' is
true, we have a validated user.
At first, your description confused me, but now I understand. You
simply want to keep a user out of your code. In other words, if you
don't validate the input, then a user can alter your code by
injecting additional code into your query to bypass your
authorization protocol -- very clever.
Thanks for the lesson.
tedd
--
--------------------------------------------------------------------------------
http://sperling.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
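The injection Rafael describes above, reproduced as an added example (not code from either poster) in Python against an in-memory SQLite table rather than in PHP; the sample users and the parameterized query are assumptions added here, not part of the thread:

```python
import sqlite3


def make_db():
    # Constructed sample table (assumption): two ordinary accounts.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE user (login TEXT, passw TEXT)")
    con.executemany("INSERT INTO user VALUES (?, ?)",
                    [("alice", "s3cret"), ("bob", "hunter2")])
    return con


def build_vulnerable_sql(login, passw):
    # Mirrors the posted PHP: request values pasted straight into the SQL text.
    return f"SELECT * FROM user WHERE( login = '{login}' AND passw = '{passw}' )"


def vulnerable_login(con, login, passw):
    # Because of AND/OR precedence the WHERE clause becomes
    #   login='' OR '1'='1' OR ('0' AND passw='...')
    # and the middle term alone is true for every row.
    return con.execute(build_vulnerable_sql(login, passw)).fetchall()


def parameterized_login(con, login, passw):
    # Placeholders: the values travel separately from the SQL text, so a quote
    # inside the input is just data and can never close the string literal.
    sql = "SELECT * FROM user WHERE( login = ? AND passw = ? )"
    return con.execute(sql, (login, passw)).fetchall()


def demo():
    con = make_db()
    payload = "' OR '1'='1' OR '0"   # the login value from the post
    return {
        "vulnerable_rows": len(vulnerable_login(con, payload, "doesnt care")),
        "parameterized_rows": len(parameterized_login(con, payload, "doesnt care")),
        "legit_rows": len(parameterized_login(con, "alice", "s3cret")),
    }


if __name__ == "__main__":
    print(build_vulnerable_sql("' OR '1'='1' OR '0", "doesnt care"))
    print(demo())
```

With the string-built query every row in the table comes back for the bogus credentials; with placeholders the same input matches nothing while a real login still works.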