TalkPHP - View Single Post

Highway of Life · 05-14-2008, 11:58 PM

You have some SQL Injection vulnerabilities in that code.
add_slashes() is not a sufficient form of sanitisation. -- You should be using mysql_real_escape_string() for your user input (any $_GET/$_REQUEST/$_POST/$_COOKIE etc) variables.

05-14-2008, 11:58 PM	#2 (permalink)
Highway of Life The Wanderer Join Date: May 2008 Location: Beware of programmers carrying screwdrivers Posts: 21 Thanks: 0	You have some SQL Injection vulnerabilities in that code. add_slashes() is not a sufficient form of sanitisation. -- You should be using mysql_real_escape_string() for your user input (any $_GET/$_REQUEST/$_POST/$_COOKIE etc) variables. __________________ - Highway of Life [ Software Engineer \| PHP Developer \| phpBB.com Team Member ] phpBB Academy at StarTrekGuide