Re: i getting this warning [message #176025 is a reply to message #176024]
Thu, 17 November 2011 14:15
Arno Welzel
Messages: 317 Registered: October 2011
Senior Member
Jerry Stuckle, 2011-11-17 15:01:
> On 11/17/2011 8:31 AM, Arno Welzel wrote:
>> Denis McMahon, 2011-11-16 16:11:
>>
>>> On Wed, 16 Nov 2011 06:56:21 -0500, Jerry Stuckle wrote:
>>>
>>>> On 11/16/2011 6:17 AM, sri kanth wrote:
>>>
>>>> > $qs=$_REQUEST['id'];
>>>> > $data=mysql_query("select * from tbl_porduct where pid=$qs");
>>>
>>>> Three things.
>>>
>>> You missed "using unescaped user input in a query with no validation or
>>> verification". I know it's only a select, but would you bet that he's
>>> that sloppy with selects and yet rigorous with data changing statements?
>>
>> It does not matter what statement there *is*. Using data from outside in
>> this way makes *everything* possible - this is the typical mistake which
>> makes SQL injection possible!
>>
>>
>> Example:
>>
>> Let's assume $qs is "1;drop tbl_product".
>>
>> $data = mysql_query("select * from tbl_product where pid=$qs");
>>
>> The statement will be expanded to:
>>
>> "select * from tbl_product where pid=1;drop tbl_product"
>>
>> The result will be that the table tbl_product will be dropped, if the
>> MySQL user has the right to drop tables.
>>
>>
> <snip>
>
> The statement will fail because mysql_query() will not execute multiple
> statements in a single query.
Generally and in this specific case you are right - but it is possible
and you should never rely on this behaviour.
See also: <http://php.net/manual/de/function.mysql-query.php>
--
Arno Welzel
http://arnowelzel.de
http://de-rec-fahrrad.de