Is this PHP code secure from CSS ?

From: kha (kha.kha_at_laposte.net)
Date: 09/26/03

  • Next message: Cedric Blancher: "Re: Is this PHP code secure from CSS ?"
    To: <vuln-dev@securityfocus.com>
    Date: Fri, 26 Sep 2003 17:21:33 +0200
    
    

    Hi,

    I've got an intranet website (Apache/PHP/MySQL) on which I use this PHP code
    for the admin authentication:

    $login = mysql_escape_string($post-login);
    $password = mysql_escape_string($post-password);

    $lines = performQuery("select id from users where name='$login' and
    pass='$password'");

    Do I need only the mysql_escape_string function to prevent SQL injections in
    the form, or should I perform other checks?

    NB: passwords are not yet encrypted in the database.

    Thanks in advance,

    Mathieu.
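
An added example (not part of the original post) of one way to handle both points raised in the message: the login value is bound through a prepared statement rather than escaped into the query string, and the stored password is a salted hash checked with password_verify(). The authenticate() helper, the table layout, the sample credentials and the in-memory SQLite database standing in for MySQL are assumptions made for illustration; it needs PHP 7.4+ with pdo_sqlite.

```php
<?php
// Added example, not the poster's code. Schema and credentials are constructed.
declare(strict_types=1);

function openDemoDb(): PDO
{
    // Assumption: in-memory SQLite stands in for the intranet MySQL server.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pass TEXT)');
    $ins = $db->prepare('INSERT INTO users (name, pass) VALUES (:name, :pass)');
    // Store a salted hash, never the plaintext password.
    $hash = password_hash('correct horse', PASSWORD_DEFAULT);
    $ins->execute([':name' => 'admin', ':pass' => $hash]);
    return $db;
}

// Hypothetical helper: returns the user id on success, null otherwise.
function authenticate(PDO $db, $login, $password): ?int
{
    // Form fields can arrive as arrays (login[]=x); accept strings only.
    if (!is_string($login) || !is_string($password)) {
        return null;
    }
    // The value is bound as data, so quotes in $login never reach the SQL parser.
    $stmt = $db->prepare('SELECT id, pass FROM users WHERE name = :name');
    $stmt->execute([':name' => $login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown users are checked against a dummy hash so both paths do similar work.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $ok = password_verify($password, $row ? $row['pass'] : $dummy);

    return ($row && $ok) ? (int) $row['id'] : null;
}

// Constructed inputs: one valid login, then quote-bearing and array-typed values.
$db = openDemoDb();
var_dump(authenticate($db, 'admin', 'correct horse'));
var_dump(authenticate($db, "admin' --", 'x'));
var_dump(authenticate($db, 'admin', "' OR '1'='1"));
var_dump(authenticate($db, ['admin'], 'x'));
```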

