Home page logo
/

basics logo Security Basics mailing list archives

magic_quotes
From: Pablo Fernández <newsclient () teamq info>
Date: Sat, 18 Jun 2005 01:28:42 +0200

Hi everybody

I been coding for the last couple of days with PHP+MySQL and I've been
relaying A LOT in magic_quotes. I am wondering if it's (at least for the
moment) a safe thing to do. For example, consider the following code

$GDATA = (object) $_GET;
$PDATA = (object) $_POST;

if ($GDATA) $DATA = $GDATA;
else        $DATA = $PDATA;

$q = mysql_query ("SELECT * FROM whatever WHERE id = '$DATA->id'");

How safe is this?

I would appreciate hints & thoughts (TM)

Thanks,
Pablo Fernandez


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]