Yes, I totally agree. This was merely a sample code of how it could be done,
not a definitive code sample of how to do it securely. There should be way
more validation, and better error handling too.
Bastien
From: Gareth Heyes <gareth@xxxxxxxxxxxxx>
To: php-db@xxxxxxxxxxxxx
CC: bastien_k@xxxxxxxxxxx
Subject: RE: storing images in database
Date: Wed, 26 Jan 2005 13:30:45 +0000
>> if(isset($_GET['id'])) {
>> $id=$_GET['id'];
>> $query = "select bin_data, filetype from binary_data where id=$id";
This is a really bad example; anybody can inject your query with malicious
SQL commands.
Never trust user supplied data.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
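As an added illustration of the point raised in this thread (this is not code from either poster), here is the quoted lookup rewritten so that the `id` value is validated and bound as a parameter rather than interpolated into the SQL string. The table and column names (`binary_data`, `bin_data`, `filetype`) are taken from the quoted snippet; the DSN, credentials and allowed image types are placeholders assumed for the example.

```php
<?php
// Added example, not from the original thread: the quoted image lookup with
// input validation, a PDO prepared statement and basic error handling.
// Table/column names come from the quoted snippet; DSN and credentials are
// placeholders (assumption).

declare(strict_types=1);

/**
 * Validate the id parameter: accept only a positive integer, otherwise null.
 * Strings such as "1 OR 1=1", "", "abc", "0" or "-5" are all rejected here,
 * so nothing but a clean integer ever reaches the query.
 */
function validateId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/**
 * Fetch one image row by id using a bound parameter. The SQL text is fixed;
 * the value travels separately, so it can never change the statement.
 * Returns ['bin_data' => ..., 'filetype' => ...] or null when no row matches.
 */
function fetchImage(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT bin_data, filetype FROM binary_data WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Only emit content types we expect to have stored (assumed list);
// never build a header from client-supplied input.
$allowedTypes = ['image/png', 'image/jpeg', 'image/gif'];

$id = validateId($_GET['id'] ?? null);
if ($id === null) {
    http_response_code(400);
    exit('Bad request');
}

try {
    // Placeholder DSN and credentials (assumption; not from the original post).
    $db = new PDO('mysql:host=localhost;dbname=app', 'app_user', 'secret', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // use server-side prepared statements
    ]);
    $row = fetchImage($db, $id);
} catch (PDOException $e) {
    // Log the driver message server-side; send the client a generic error only.
    error_log('image lookup failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Server error');
}

if ($row === null || !in_array($row['filetype'], $allowedTypes, true)) {
    http_response_code(404);
    exit('Not found');
}

header('Content-Type: ' . $row['filetype']);
header('X-Content-Type-Options: nosniff');
header('Content-Length: ' . strlen($row['bin_data']));
echo $row['bin_data'];
```

The two changes that matter are the integer validation up front and the bound `:id` parameter: even if validation were skipped, the prepared statement keeps the value out of the SQL grammar. Disabling emulated prepares makes the driver send the statement and the value to the server separately, and the catch block keeps database error text out of the HTTP response.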