Florian Weimer <[EMAIL PROTECTED]> writes:
>> db_query uses sprintf to replace placeholder expressions if passed
>> more than one argument and it seems to me that using %s does the
>> same thing as PHP's string expansion as in 4.5.3.
>
> What about SQL injection? Doesn't db_query protect against it, while
> PHP's string expansion doesn't?
At second glance, it does seem like it: db_query performs quoting on
those arguments which are then added via snprintf().
Do you have any idea how the $key parameter to sess_destroy
(includes/session.inc) is generated?
Cheers,
-Hilko who is once again shocked how little he knows about PHP's
internal magic
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]