RE: Session Vars loaded from MSSQL Query drop, those loaded from MYSQL Query stick

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

We are actually running the query through a function that removes single
ticks, etc to avoid this, but I didn't think that was relevant to the
question so I didn't include it.  Thanks, though!

-----Original Message-----
From: Peter Lind [mailto:peter.e.lind@xxxxxxxxx] 
Sent: Thursday, September 16, 2010 12:03 PM
To: Cheryl Sullivan
Cc: ash@xxxxxxxxxxxxxxxxxxxx; php-general@xxxxxxxxxxxxx
Subject: Re:  Session Vars loaded from MSSQL Query drop, those
loaded from MYSQL Query stick

On 16 September 2010 16:26, Cheryl Sullivan <csulliva@xxxxxxx> wrote:
> Absolutely -
>
>
>
> This is from the first page
>
>
>
> <?php
>
> $_SESSION['UserLastName'] = strtolower(trim($_POST['txtLastName']));
>
> $_SESSION['BadgeID'] = trim($_POST['txtBadgeID']);
>
>
>
> //access MS SQL Server database
>
> $q1 = "select * from emps where emp_last =
> '".$_SESSION['UserLastName']."' and emp_badge =
> '".$_SESSION['BadgeID']."'";
>
> $rs_emp_info =
hitMSSQL($q1,"xxxx_sql","database","table","password",1);
>
> $_SESSION['SSN'] = $rs_emp_info->fields("emp_ssn");
>
> $_SESSION['CostCenter'] = $rs_emp_info->fields("emp_costcenter");
>

You're sticking values from $_POST into an SQL query without
sanitizing them first. That spells out SQL INJECTION VULNERABILITY.

Regards
Peter

-- 
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15
</hype>

Notice: This communication, including attachments, may contain information that is confidential and protected. It constitutes non-public information intended to be conveyed only to the designated recipient(s). If you believe that you have received this communication in error, please notify the sender immediately by return e-mail and promptly delete this e-mail, including attachments without reading or saving them in any manner. The unauthorized use, dissemination, distribution, or reproduction of this e-mail, including attachments, is prohibited and may be unlawful. Thank you.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux