
BLU Discuss list archive



user input question



On 4/3/07, Eric C <eric at newmag.org> wrote:
> Well if I'm going to ask a question it should probably
> be on the part where I'm most likely to get cracked,
> user input.  Below is the page to handle a form on
> index.php.  Now stop laughing!  It's my first module.
> Anyway, if any of you real programmers see any
> particularly idiotic screwups please let me know.  A
> friend mentioned that I should sanitize the users
> input.  Any suggested reading on some simple ways to
> do this?  Thanks for suggestions.

User controls the $hash variable.  You use this in your SQL query, right?

// $hash comes straight from the POST request and is interpolated into the SQL string
$query = "SELECT DISTINCT hash FROM " . $xoopsDB->prefix('xps_torrents') . " WHERE hash = '$hash'";

What if malicious user sets his POST variable for $hash to be...

validhash';DROP TABLE <your table name here>;
-- 
Kristian Hermansen
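As an added illustration (not code from Eric's module, from XOOPS, or from this thread), here is the same lookup written so that a POST value cannot change the SQL: the hash is checked against an allow-list pattern first, and the query is sent as a PDO prepared statement. The PDO connection details, the `xoops_xps_torrents` table name and the 40-hex-character hash format are assumptions made for this example.

```php
<?php
// Added example, not part of the original module. Assumes a MySQL database
// reachable over PDO and that torrent hashes are 40 hex characters (the
// BitTorrent info-hash format); adjust the pattern if your hashes differ.
$pdo = new PDO('mysql:host=localhost;dbname=xoops', 'DB_USER', 'DB_PASSWORD'); // placeholder credentials
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // real server-side prepares

function isValidTorrentHash(string $hash): bool
{
    // Allow-list check: exactly 40 hex digits and nothing else. Quotes,
    // semicolons and keywords such as DROP can never pass this gate.
    return preg_match('/^[0-9a-fA-F]{40}$/', $hash) === 1;
}

function findTorrentHash(PDO $pdo, string $tablePrefix, string $hash): ?string
{
    if (!isValidTorrentHash($hash)) {
        return null; // reject outright rather than try to "clean" bad input
    }
    // A table name cannot be a bound parameter, so it is built only from a
    // value the application controls, never from request data.
    $table = $tablePrefix . '_xps_torrents';
    // Placeholder instead of string concatenation: the driver sends the value
    // separately from the SQL text, so it is always treated as data, not code.
    $stmt = $pdo->prepare("SELECT DISTINCT hash FROM {$table} WHERE hash = :hash");
    $stmt->execute([':hash' => $hash]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['hash'];
}

// Typical call from the form handler: the raw POST value goes straight in and
// the function, not the SQL string, decides whether it is acceptable.
$hash   = $_POST['hash'] ?? '';
$result = findTorrentHash($pdo, 'xoops', $hash);
if ($result === null) {
    echo 'No such torrent (or hash rejected).';
} else {
    // Escape on output as well, so a stored value cannot inject HTML into the page.
    echo 'Found: ' . htmlspecialchars($result, ENT_QUOTES, 'UTF-8');
}
```

With this shape the payload quoted above (`validhash';DROP TABLE ...`) is refused by the regex before any database call, and even a value that slipped past validation would only ever be compared as a string.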






BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org