> -----Original Message-----
> From: Derick Rethans [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 14, 2003 12:33 AM
> To: moshe doron
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP-DEV] Re: PHP 4.3.3RC3 Released
>
>
> On Thu, 14 Aug 2003, moshe doron wrote:
>
> > What about hacking somehow the sqlite library to disallow chained
> > queries (or at least do it optionally)?
> >
> > This behavior is *huge* security hole, allow to the cracker drop ur
> > database using simple select where query.
>
> How is this a security hole?

E.g.,

$id = "0; drop bar";
lamesql_query("select foo from bar where id = $id");

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
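
Added example, not part of the original thread: Python's bundled sqlite3 module offers both a multi-statement call (executescript) and a single-statement call (execute), so it can show what disallowing chained queries changes and what a bound parameter does instead. The table contents and PAYLOAD (the post's string with "table" added so SQLite accepts it) are constructed for the illustration.

```python
import sqlite3

# Constructed input: the post's "0; drop bar", made valid SQLite syntax.
PAYLOAD = "0; drop table bar"


def fresh_db():
    """In-memory database with the post's table 'bar' (contents constructed)."""
    db = sqlite3.connect(":memory:")
    db.execute("create table bar (id integer primary key, foo text)")
    db.execute("insert into bar values (0, 'zero'), (1, 'one')")
    return db


def table_exists(db):
    row = db.execute(
        "select count(*) from sqlite_master where type = 'table' and name = 'bar'"
    ).fetchone()
    return row[0] == 1


def chained_api(user_id):
    """String concatenation sent through an API that runs every statement."""
    db = fresh_db()
    db.executescript("select foo from bar where id = " + user_id)
    return table_exists(db)


def single_statement_api(user_id):
    """Same concatenation, but the API refuses anything after the first ';'."""
    db = fresh_db()
    try:
        db.execute("select foo from bar where id = " + user_id).fetchall()
        rejected = False
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        # sqlite3.Warning before Python 3.12, ProgrammingError from 3.12 on.
        rejected = True
    return rejected, table_exists(db)


def bound_parameter(user_id):
    """The value is bound as data and never parsed as SQL."""
    db = fresh_db()
    rows = db.execute("select foo from bar where id = ?", (user_id,)).fetchall()
    return rows, table_exists(db)
```

The single-statement restriction only blocks statement stacking; binding the value is what keeps the input from being interpreted as SQL at all.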