RE: [PHP] PHP Security Leak (plaintext)

2002-04-25 Thread John Holmes
> $my_val_a = addslashes($HTTP_POST_VARS["val_a"]);
> $my_val_b = addslashes($HTTP_POST_VARS["val_b"]);
> $query = "INSERT INTO foo (a,b) VALUES ($my_val_a,$my_val_b)";
>
> Or if you have magic_quotes_gpc turned on (the default) all vars passed
> in from forms/cookies are quoted and SQL injection

RE: [PHP] PHP Security Leak (plaintext)

2002-04-25 Thread Richard Archer
At 4:00 PM -0500 25/4/02, Joshua b. Jore wrote:
>"INSERT INTO foo (a,b) VALUES (?,?)"

$my_val_a = addslashes($HTTP_POST_VARS["val_a"]);
$my_val_b = addslashes($HTTP_POST_VARS["val_b"]);
$query = "INSERT INTO foo (a,b) VALUES ($my_val_a,$my_val_b)";

Or if you have magic_quotes_gpc turned on (the

RE: [PHP] PHP Security Leak (plaintext)

2002-04-25 Thread John Holmes
> I think you misunderstood me. I already have a AuthenticateUser(TEXT,TEXT)
> function that works great. What I don't understand is how to get PHP to
> use place holders for data binding. This is more generic database issue. I
> could have also written:
>
> "INSERT INTO foo (a,b) VALUES (?,?)"
>

RE: [PHP] PHP Security Leak (plaintext)

2002-04-25 Thread Cal Evans
-- From: Joshua b. Jore [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 25, 2002 4:00 PM To: Maxim Maletsky (PHPBeginner.com) Cc: [EMAIL PROTECTED] Subject: RE: [PHP] PHP Security Leak (plaintext) Foo. Somehow I encrypted the last message. --[PinePGP]--

RE: [PHP] PHP Security Leak (plaintext)

2002-04-25 Thread Joshua b. Jore
gins > > > > > -Original Message- > > From: Joshua b. Jore [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, April 25, 2002 10:26 PM > > Cc: [EMAIL PROTECTED] > > Subject: RE: [PHP] PHP Security Leak > > > > This brings up another issue,

RE: [PHP] PHP Security Leak

2002-04-25 Thread Joshua b. Jore
-BEGIN PGP MESSAGE- Comment: For info see http://www.gnupg.org

RE: [PHP] PHP Security Leak

2002-04-25 Thread Maxim Maletsky (PHPBeginner.com)
IL PROTECTED] > Subject: RE: [PHP] PHP Security Leak > > This brings up another issue, how the heck do you get data binding? For > the life of me I don't see where the _query functions support SQL like: > > "SELECT AuthenticateUser(?,?)" where then the first param mi

RE: [PHP] PHP Security Leak

2002-04-25 Thread Joshua b. Jore
l 25, 2002 8:20 PM > > To: [EMAIL PROTECTED] > > Subject: [PHP] PHP Security Leak > > > > I'm wondering if anyone has any ideas on how to make a > > login site more secure. Since I'm not really sure if > > I've explained myself well enough and don

RE: [PHP] PHP Security Leak

2002-04-25 Thread Maxim Maletsky (PHPBeginner.com)
> -Original Message-
> From: Liam Gibbs [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 25, 2002 8:20 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] PHP Security Leak
>
> I'm wondering if anyone has any ideas on how to make a
> login site more secure. Since

[PHP] PHP Security Leak

2002-04-25 Thread Liam Gibbs
I'm wondering if anyone has any ideas on how to make a login site more secure. Since I'm not really sure if I've explained myself well enough and don't really know how else to say it, I'll just give examples and then you guys can follow suit and mention some oversights: I have a regular logon: us