The word (pseudo) implied that my url metadata effectively generates a sql statement. Query metadata in the url on the server side is generated as sql.
This is exactly what phpMyAdmin does...my app presents no more a security problem than theirs.

The script runs as guest/guest against mysql unless realm authentication has been set up on the web server, in which case it runs with credentials of whoever's already authenticated.

Unless someone's auth'd with my personal credentials, all they can do is query a stupid quotations table in a database of mine. No deletes, inserts, or updates.

mike

-----Original Message-----
From: Jay Blanchard [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 23, 2003 4:53 AM
To: Mike Klein; [EMAIL PROTECTED]
Subject: RE: [PHP] How to update url on server side...php header func?

[snip]
Basically original url is (pseudo) "select * from table where rec=5"
...
any ideas of how to better go about this?
[/snip]

The query is in the URL? Really? You have just asked for a security problem (google for "sql injection" and you'll see what I am talking about). If you have anything that looks like

http://www.yourserver.com/script.php?sql=select

you need to stop what you are doing. Honestly, I believe that you need to change your code, and without seeing your current code I couldn't make any further recommendations.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
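
Added example, not code from the thread or from either poster: one way to let URL metadata select a query without carrying SQL in the URL, by mapping it through a server-side allowlist and binding the value. The table and column names, the `table`/`col`/`val` parameter names and the in-memory SQLite database (a stand-in for MySQL so the example runs offline) are assumptions.

```php
<?php
// Added example. Assumed names: the quotations table's columns and the
// table/col/val URL parameters. SQLite in memory stands in for MySQL.
const ALLOWED = ['quotations' => ['id', 'author', 'quote']];

// Map URL metadata (?table=quotations&col=id&val=5) to a parameterized SELECT.
// Identifiers come only from the allowlist; the value is bound, never spliced in.
function buildQuery(array $params): array
{
    $table = $params['table'] ?? null;
    $col   = $params['col'] ?? null;
    $val   = $params['val'] ?? null;
    if (!is_string($table) || !is_string($col) || !is_string($val)) {
        throw new InvalidArgumentException('missing or non-scalar parameter');
    }
    if (!array_key_exists($table, ALLOWED) || !in_array($col, ALLOWED[$table], true)) {
        throw new InvalidArgumentException('unknown table or column');
    }
    $cols = implode(', ', ALLOWED[$table]);
    return ["SELECT $cols FROM $table WHERE $col = ?", [$val]];
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE quotations (id INTEGER, author TEXT, quote TEXT)');
$db->exec("INSERT INTO quotations VALUES (5, 'Anon', 'Constructed sample row')");
$db->exec("INSERT INTO quotations VALUES (6, 'Anon', 'Another sample row')");

// Constructed requests: a normal lookup, SQL text smuggled into the value,
// and a table name outside the allowlist.
$requests = [
    ['table' => 'quotations', 'col' => 'id', 'val' => '5'],
    ['table' => 'quotations', 'col' => 'id', 'val' => '5 OR 1=1'],
    ['table' => 'mysql.user', 'col' => 'id', 'val' => '1'],
];
foreach ($requests as $req) {
    try {
        [$sql, $bind] = buildQuery($req);
        $stmt = $db->prepare($sql);
        $stmt->execute($bind);
        echo count($stmt->fetchAll(PDO::FETCH_ASSOC)), " row(s): $sql\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The read-only database account described in the thread remains a separate layer; the allowlist only limits which statements the script will issue.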