On 16 September 2010 16:26, Cheryl Sullivan <csull...@shh.org> wrote:
> Absolutely -
>
>
>
> This is from the first page
>
>
>
> <?php
>
> $_SESSION['UserLastName'] = strtolower(trim($_POST['txtLastName']));
>
> $_SESSION['BadgeID'] = trim($_POST['txtBadgeID']);
>
>
>
> //access MS SQL Server database
>
> $q1 = "select * from emps where emp_last =
> '".$_SESSION['UserLastName']."' and emp_badge =
> '".$_SESSION['BadgeID']."'";
>
> $rs_emp_info = hitMSSQL($q1,"xxxx_sql","database","table","password",1);
>
> $_SESSION['SSN'] = $rs_emp_info->fields("emp_ssn");
>
> $_SESSION['CostCenter'] = $rs_emp_info->fields("emp_costcenter");
>You're sticking values from $_POST into an SQL query without sanitizing them first. That spells out SQL INJECTION VULNERABILITY. Regards Peter -- <hype> WWW: http://plphp.dk / http://plind.dk LinkedIn: http://www.linkedin.com/in/plind BeWelcome/Couchsurfing: Fake51 Twitter: http://twitter.com/kafe15 </hype> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
