From: "Marek Kilimajer" <[EMAIL PROTECTED]>
> Matt Chatterley wrote:
> > In addition to protecting against SQL Injection, has anyone here
> > experimented with detecting and recording attempts at injection?
> >
> > I've been pondering checking strings which come directly from user input for
> > sq
Matt Chatterley wrote:
In addition to protecting against SQL Injection, has anyone here
experimented with detecting and recording attempts at injection?
I've been pondering checking strings which come directly from user input for
sql keywords (and possibly using regexps to check for potential SQL S
This reply has two purposes.
Firstly, a small suggestion (modest compared to the others which will
follow, no doubt!) - check out mysql_escape_string() - this may be useful to
you.
Secondly, a further question:
In addition to protecting against SQL Injection, has anyone here
experimented with de
You need to ask yourself how the environment that you are using will
interpret things.
If you are sending this query:
"SELECT ... FROM ... WHERE field1='". $_POST['field1'] ."'"
and $_POST['field1'] is:
0' OR field2=0 AND ''='
the resulting string would be:
SELECT ... FROM ... WHERE field1='0' OR