Steven Brown wrote:
How is this a security hole?


E.g.,

$id = "0; drop bar";
lamesql_query("select foo from bar where id = $id");

this is also possible with oracle, oci8 and other database extensions, mysql is the only one where i'm sure about that chaining is *not* supported

so the actual security hole is user code that puts *unverified* input
into SQL queries, so opening the door for SQL injection

whether it makes sense to disable command chaining or at least make
it configurable with default 'off' in PHP database extensions is a
topic that may need further discussion (i know that Georg has similar
plans for mysqli in PHP 5),
but claiming that command chaining is a '*huge*' security hole per se
is not justified IMHO, this is more about how much protection against
"shoot yourself in the foot" incidents PHP should offer ...

--
Hartmut Holzgraefe  <[EMAIL PROTECTED]>


-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
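
Added example, not part of the original message or of PHP: the thread's query pattern run through Python's standard sqlite3 module, which stands in for the hypothetical lamesql_query because it offers both a chaining call (executescript) and a single-statement call (execute). The table layout, the function names and the word TABLE added to the page's input are assumptions made so the statement parses.

```python
import sqlite3

# Constructed input: the page's "0; drop bar", with TABLE added so SQLite parses it.
PAGE_INPUT = "0; drop table bar"

def fresh_db():
    """In-memory database with a constructed 'bar' table holding one row."""
    db = sqlite3.connect(":memory:")
    db.execute("create table bar (id integer, foo text)")
    db.execute("insert into bar values (1, 'one')")
    db.commit()
    return db

def bar_exists(db):
    q = "select count(*) from sqlite_master where type = 'table' and name = 'bar'"
    return db.execute(q).fetchone()[0] == 1

def concat_with_chaining(user_id):
    """Unverified input, API that runs every statement in the string."""
    db = fresh_db()
    db.executescript("select foo from bar where id = " + user_id)
    return bar_exists(db)

def concat_single_statement(user_id):
    """Same unverified input, API that accepts one statement per call."""
    db = fresh_db()
    try:
        db.execute("select foo from bar where id = " + user_id).fetchall()
        outcome = "executed"
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        outcome = "refused"  # exception class differs between Python versions
    return outcome, bar_exists(db)

def verified_and_bound(user_id):
    """Verify the input is an integer, then pass it as a bound parameter."""
    db = fresh_db()
    try:
        clean_id = int(user_id)
    except ValueError:
        return "rejected", bar_exists(db)
    rows = db.execute("select foo from bar where id = ?", (clean_id,)).fetchall()
    return rows, bar_exists(db)

if __name__ == "__main__":
    print("chaining API, bar survives:", concat_with_chaining(PAGE_INPUT))
    print("single-statement API:", concat_single_statement(PAGE_INPUT))
    print("verified + bound:", verified_and_bound(PAGE_INPUT), verified_and_bound("1"))
```

The single-statement call only refuses the chained form of the string; the verified, bound version is the one that stops the input from being parsed as SQL at all.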


