> -----Original Message-----
> From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 14, 2003 10:37 PM
> To: Steven Brown
> Cc: [EMAIL PROTECTED]
> Subject: RE: [PHP-DEV] Re: PHP 4.3.3RC3 Released
>
>
> On Thu, 14 Aug 2003, Steven Brown wrote:
> > It's insanely easy to make such mistakes though, and php.net is full
> > of such problems (I found 2 in 15 minutes), so it's not a 'stupid
> > developer' issue, as you guys make the same mistakes, and are
> > extremely experienced.
>
> That's interesting considering we are using MySQL and the
> mysql extension code does not allow multiple queries. So I
> don't see how you could have found such an exploit.

I found an example of passing unvalidated input into a SQL query; I didn't say it would lead to an exploit. The point was, yes, even you guys make this mistake. It's not a "Well, you should have learned to write secure code" type of issue. Everyone makes this mistake occasionally.

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php