> It's insanely easy to make such mistakes though, and php.net is full of
> such problems (I found 2 in 15 minutes), so it's not a 'stupid

I'd like to hear where these problems are, off list of course.

> minor bugs, as from what I hear the mysql extension can't do chained
> queries yet, so there's no risk of someone injecting whatever SQL they
> choose, making it much harder to do evil.

The current ext/mysql extension doesn't allow multiple queries... however, it is by no means idiot-proof... consider:

UPDATE auth_user set password='{$_POST['newpass']}' WHERE username='$uname';

Now let's say 'newpass' is the string "foo' WHERE username='admin' --"

That'd convert the query to:

UPDATE auth_user set password='foo' WHERE username='admin' -- WHERE username='realusername'

As you can see, even in mysql it is very easy to do evil despite your claims.

IMO and I believe the opinion of most of the internals community it is not the responsibility of PHP to correct these and other potential security holes. Please let this issue drop.

John

--
John Coggeshall
http://www.coggeshall.org/
john at coggeshall dot org
The PHP Developer's Handbook
The definitive PHP5 developer's guide
http://www.php-handbook.com/

--
PHP Internals - PHP Runtime Development Mailing List
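An added example, not part of this thread, that runs the single-statement UPDATE John describes in both its interpolated and its parameterized form. It uses a constructed in-memory SQLite table in place of MySQL so it runs offline; the table, column and user names come from the message, the stored passwords are made up.

```python
import sqlite3

# Constructed sample data standing in for the MySQL auth_user table in the message.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE auth_user (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO auth_user VALUES (?, ?)",
                     [("admin", "admin-secret"), ("realusername", "user-secret")])
    conn.commit()
    return conn

def passwords(conn):
    return dict(conn.execute("SELECT username, password FROM auth_user"))

def update_interpolated(conn, uname, newpass):
    """The vulnerable pattern from the message: the request value is pasted into
    the SQL text, so a quote in it ends the string literal and a trailing '--'
    comments out the real WHERE clause. Note this is still one statement, so the
    lack of stacked queries in ext/mysql offers no protection."""
    sql = f"UPDATE auth_user SET password='{newpass}' WHERE username='{uname}'"
    conn.execute(sql)  # SQLite treats '--' as a comment start; MySQL also needs whitespace after it
    conn.commit()
    return sql

def update_parameterized(conn, uname, newpass):
    """The fix: bind the values as parameters. The driver passes them as data,
    so the quote and '--' remain part of the stored password string."""
    conn.execute("UPDATE auth_user SET password=? WHERE username=?", (newpass, uname))
    conn.commit()

def demo():
    payload = "foo' WHERE username='admin' --"   # the 'newpass' value from the message
    vuln = make_db()
    sql = update_interpolated(vuln, "realusername", payload)
    safe = make_db()
    update_parameterized(safe, "realusername", payload)
    return sql, passwords(vuln), passwords(safe)

if __name__ == "__main__":
    sql, vuln, safe = demo()
    print("executed:", sql)
    print("interpolated:", vuln)   # admin's password is now 'foo'
    print("parameterized:", safe)  # only realusername changed, to the literal payload
```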