On Thursday 08 July 2004 00:05, Keith Greene wrote:

Here's a simple (and probably quite common) example of how not checking user input will lead to disaster:

  DELETE FROM users WHERE userid = $userid

userid is an integer column. If you didn't check your inputs and someone injected $userid = '1 or 1' you would have toasted your users table.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

-- 
PHP General Mailing List (http://www.php.net/)
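The failure described in the message above, next to one way to prevent it, as an added example that is not part of the original post. It assumes PHP with the pdo_sqlite extension; the table contents and the function names deleteUnchecked and deleteChecked are constructed for illustration.

```php
<?php
// Added example: constructed in-memory table, not data from the original post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

function seed(PDO $db): void {
    $db->exec('DROP TABLE IF EXISTS users');
    $db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, name TEXT)');
    $db->exec("INSERT INTO users VALUES (1,'alice'),(2,'bob'),(3,'carol')");
}

function countUsers(PDO $db): int {
    return (int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn();
}

// Unchecked: the input is pasted into the SQL text, as in the post.
function deleteUnchecked(PDO $db, string $userid): int {
    return $db->exec("DELETE FROM users WHERE userid = $userid");
}

// Checked: accept only a positive decimal integer, then bind it as a parameter
// so the value can never become part of the statement text.
function deleteChecked(PDO $db, string $userid): int {
    $id = filter_var($userid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('userid must be a positive integer');
    }
    $stmt = $db->prepare('DELETE FROM users WHERE userid = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$input = '1 or 1';   // the value quoted in the post

seed($db);
deleteUnchecked($db, $input);   // WHERE userid = 1 or 1 matches every row
echo "unchecked: ", countUsers($db), " rows left\n";

seed($db);
try {
    deleteChecked($db, $input);
} catch (InvalidArgumentException $e) {
    echo "checked: rejected (", $e->getMessage(), ")\n";
}
echo "checked: ", countUsers($db), " rows left\n";

deleteChecked($db, '2');        // a legitimate id removes exactly one row
echo "checked, userid 2: ", countUsers($db), " rows left\n";
```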