At 11:18 on Thursday, 14 August 2003, moshe doron wrote:
> > How about a form of DoS:
> >
> > '...where id = '.$id
> >
> > with $id = '23129 or 1'
> >
> > this will select all entries in the table which could result in
> > DoS...
> >
> > So, ultimately this problem is the coder's responsibility.
>
> DoS is not equivalent to dropping the whole database (in the fast and
> soft case...).
> Most of the systems allowing searches can be DoSed easily.

<joke>
Why not stop support for <form>s then? Drop $_GET, $_POST and
$_REQUEST! They're EVIL! That way everyone is *really* safe from SQL
injection.... :-)
</joke>

--
Cesare D'Amico - theboss (at) cesaredamico (dot) com
http://www.verona.linux.it - http://www.ziobudda.net
.."This is my life, if I need something I'll tell you
I'm the one who drives, I'm the one who goes off the road, always the
one who pays, it has never happened that anyone paid for me..." [Ligabue]
.."But who the hell did I buy????" - [Moratti, every summer]

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
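
The `where id = '.$id` case quoted in this thread, as an added example that is not part of the original messages: the concatenated query is shown beside a validated, bound-parameter version, run against an in-memory SQLite database through PDO. The table `entries`, its rows, and the function names `find_concat` and `find_bound` are constructed for illustration.

```php
<?php
// Added example: the table, rows and function names are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO entries VALUES
    (23129, 'wanted'), (23130, 'other'), (23131, 'private')");

// The pattern from the thread: $id is concatenated unquoted, so the
// database parses whatever it contains as part of the WHERE clause.
function find_concat(PDO $pdo, string $id): array
{
    return $pdo->query('SELECT title FROM entries WHERE id = ' . $id)
               ->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: accept only an integer, then bind it as a typed parameter
// so the value can never change the shape of the statement.
function find_bound(PDO $pdo, string $id): array
{
    $n = filter_var($id, FILTER_VALIDATE_INT);
    if ($n === false) {
        return [];   // not an integer: the caller can reject the request
    }
    $stmt = $pdo->prepare('SELECT title FROM entries WHERE id = :id LIMIT 1');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Compare both functions on a plain id and on the value from the thread.
foreach (['23129', '23129 or 1'] as $id) {
    printf("%-14s concat=%d row(s)  bound=%d row(s)\n", "'$id'",
        count(find_concat($pdo, $id)), count(find_bound($pdo, $id)));
}
```

The `LIMIT 1` in the bound query also caps the result size for a lookup that should return a single row, which addresses the result-set-size concern raised in the quoted message independently of the injection fix.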