On Thu, 14 Aug 2003, Rasmus Lerdorf wrote:
> On Thu, 14 Aug 2003, Steven Brown wrote:
> > I found an example of passing unvalidated input into a SQL query, I
> > didn't say it would lead to an exploit. The point was, yes, even you
> > guys make this mistake. It's not a "Well, you should have learned to
> > write secure code" type of issue. Everyone makes this mistake
> > occasionally.
>
> Unvalidated in what sense? We don't validate for multiple queries because
> we have no need to do so.
That one is already fixed too btw, see my last commit to bugs-web.
Derick
--
"Interpreting what the GPL actually means is a job best left to those
that read the future by examining animal entrails."
-------------------------------------------------------------------------
Derick Rethans http://derickrethans.nl/
International PHP Magazine http://php-mag.net/
-------------------------------------------------------------------------
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
