Search by date range problem
01-08-2009, 09:58 PM
Originally Posted by
I think these articles may help you understand:
Securing your MySQL Queries with Sprintf
How to Login to Any Account on an Insecure Site
Also, I advise that you turn error reporting off in a live server environment; don't make the hacker's life easy by giving him feedback on his attempts (which in essence is what happens with errors).
Anyway, to the problem. Is your database stripping off the preceding zero? I say this because you are sending both 09 and 08 in the BETWEEN statement as strings (wrapped in single quotes), thus the db will be comparing:
the string "08" and the integer 8
and so on and so forth.
In other words, what's the column's data type, and what does it currently hold?
Ye, my bad. I was thinking of XSS mainly, as I was just trying it out on a script. Sorry.
Find More Posts by Scottymeuk