Re: sql injection and php
From: Florian Weimer (Weimer@CERT.Uni-Stuttgart.DE)Date: 05/29/02
- Previous message: meijin: "Re: DirectX 9 SDK, Microsoft have got balls...."
- In reply to: Jacek Lach: "sql injection and php"
- Next in thread: Sverre H. Huseby: "Re: sql injection and php"
- Reply: Sverre H. Huseby: "Re: sql injection and php"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Jacek Lach <jlach@utopia.pl.eu.org> From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE> Date: Wed, 29 May 2002 11:54:19 +0200
Jacek Lach <jlach@utopia.pl.eu.org> writes:
> Does the magic_quotes in php's configuration resolves the problem of sql
> injection?
It depends. If your database uses the same escaping strategy as PHP,
it may be safe.
-- Florian Weimer Weimer@CERT.Uni-Stuttgart.DE University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898
- Previous message: meijin: "Re: DirectX 9 SDK, Microsoft have got balls...."
- In reply to: Jacek Lach: "sql injection and php"
- Next in thread: Sverre H. Huseby: "Re: sql injection and php"
- Reply: Sverre H. Huseby: "Re: sql injection and php"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
