Home page logo

basics logo Security Basics mailing list archives

From: Pablo Fernández <newsclient () teamq info>
Date: Sat, 18 Jun 2005 01:28:42 +0200

Hi everybody

I been coding for the last couple of days with PHP+MySQL and I've been
relaying A LOT in magic_quotes. I am wondering if it's (at least for the
moment) a safe thing to do. For example, consider the following code

$GDATA = (object) $_GET;
$PDATA = (object) $_POST;

else        $DATA = $PDATA;

$q = mysql_query ("SELECT * FROM whatever WHERE id = '$DATA->id'");

How safe is this?

I would appreciate hints & thoughts (TM)

Pablo Fernandez

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]