Re: [PHP-DEV] Re: PHP 4.3.3RC3 Released
Sorry: That code should have been:

$id = some_escape_string_function( intval( "0; drop bar" ) );
if( $id > 0 ) {
    lamesql_query( "select foo from bar where id = '$id'" );
} else {
    // Error?
}

Just wa
Re: [PHP-DEV] Re: PHP 4.3.3RC3 Released
On Thursday, Aug 14, 2003, at 00:45 US/Pacific, Steven Brown wrote:
> On Thu, 14 Aug 2003, moshe doron wrote:
>> What about hacking somehow the sqlite library to disallow chained queries (or at least do it optionally)? This behavior is a *huge* security hole, allowing the cracker to drop your database using s