+1.

This is no bug in PHP, it is not a security flaw in PHP; it is a problem
in your code.  PHP shouldn't police your lax security because you can't
be bothered with it.

Can we drop this thread now? :-)

--Wez.

On Thu, 14 Aug 2003, Derick Rethans wrote:

> On Thu, 14 Aug 2003, moshe doron wrote:
> > that's the point. if the cracker can change only the end of the query, it's
> > not so useful for him (he can maximum get other id) but if he can chain
> > totally new query, he may or may not bother changing your sql statements....
>
> But it's a *user* problem (the developer), not a PHP problem. PHP should
> not break nice functionality in an extension (such as chaining queries)
> because of people too lazy to verify user input.

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
