
Security Basics mailing list archives

RE: magic_quotes
From: "Steve Hillier" <securityfocus () mastermindtoys com>
Date: Mon, 20 Jun 2005 11:37:29 -0400

This isn't safe at all.

Just try inserting   ' OR 1=1; #   into your $DATA->id and you'll see.

You should be using mysql_escape_string() to sanitise your input strings
if you're going to be using them as-is inside SQL statements. You should
also consider using substr() to chop all but the length of string you
are expecting.

sph


-----Original Message-----
From: Pablo Fernández [mailto:newsclient () teamq info] 
Sent: Friday, June 17, 2005 7:29 p
To: security-basics () securityfocus com
Subject: magic_quotes


Hi everybody

I've been coding for the last couple of days with PHP+MySQL and
I've been relying A LOT on magic_quotes. I am wondering if it's (at least
for the moment) a safe thing to do. For example, consider the following code

$GDATA = (object) $_GET;
$PDATA = (object) $_POST;

if ($GDATA) $DATA = $GDATA;
else        $DATA = $PDATA;

$q = mysql_query ("SELECT * FROM whatever WHERE id = '$DATA->id'");

How safe is this?

I would appreciate hints & thoughts (TM)

Thanks,
Pablo Fernandez
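The following is an added example for this thread; it is not code from either poster. It puts the original post's string-built query next to the reply's escaping advice and next to a prepared statement, and it also covers one case the thread does not mention: an unquoted numeric column, where escaping quotes gives no protection at all. The table `whatever` with an integer `id`, the DB_* connection constants, and the availability of the mysqlnd driver for mysqli_stmt_get_result() are assumptions; the payload  ' OR 1=1; #  is the one from the reply above.

```php
<?php
// Added example for this thread; not code from either poster.
// Assumed: a MySQL table `whatever` with an integer primary key `id`, and
// connection constants DB_HOST, DB_USER, DB_PASS, DB_NAME defined elsewhere.

/**
 * Return the raw value the client sent, undoing magic_quotes_gpc if the
 * server still has it on (PHP < 5.4). Escaping is then applied once,
 * deliberately, where the value meets SQL, never implicitly at input time.
 */
function raw_input(array $src, $key)
{
    if (!isset($src[$key]) || !is_string($src[$key])) {
        return null;
    }
    $v = $src[$key];
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $v = stripslashes($v);
    }
    return $v;
}

/**
 * Build the three string-built variants of the thread's query so the effect
 * of each technique on a hostile $id can be inspected (var_dump'ed)
 * without executing anything against the database.
 */
function build_variants(mysqli $db, $id)
{
    return array(
        // 1. The pattern from the original post. With the quote intact,
        //    ' OR 1=1; #  yields  WHERE id = '' OR 1=1; #'  and matches every row.
        'interpolated' => "SELECT * FROM whatever WHERE id = '$id'",

        // 2. The reply's advice, using the connection-aware variant: the
        //    quote becomes \' and stays inside the literal. This only helps
        //    when the value sits inside quotes in the SQL text.
        'escaped'      => "SELECT * FROM whatever WHERE id = '"
                          . mysqli_real_escape_string($db, $id) . "'",

        // 3. Unquoted numeric context: escaping quotes does nothing for
        //    1 OR 1=1 , which contains no quote at all. Cast to the expected
        //    type instead; a non-number becomes 0 and matches no row.
        'numeric'      => "SELECT * FROM whatever WHERE id = " . (int) $id,
    );
}

/**
 * The form to actually use: the value travels to the server separately from
 * the SQL text, so no quoting rule has to be right. Returns the matching
 * rows as an array of associative arrays.
 */
function fetch_by_id(mysqli $db, $id)
{
    $stmt = mysqli_prepare($db, "SELECT * FROM whatever WHERE id = ?");
    if ($stmt === false) {
        throw new RuntimeException(mysqli_error($db));
    }
    $idInt = (int) $id;                 // bound as integer, type 'i'
    mysqli_stmt_bind_param($stmt, 'i', $idInt);
    mysqli_stmt_execute($stmt);
    // mysqli_stmt_get_result() needs the mysqlnd driver (assumed here).
    $res  = mysqli_stmt_get_result($stmt);
    $rows = array();
    while ($row = mysqli_fetch_assoc($res)) {
        $rows[] = $row;
    }
    mysqli_stmt_close($stmt);
    return $rows;
}

// Usage, kept to the original post's GET-or-POST convention.
$src = !empty($_GET) ? $_GET : $_POST;
$id  = raw_input($src, 'id');
if ($id === null || strlen($id) > 10) {   // length cap, as the reply suggests
    http_response_code(400);
    exit('missing or oversized id');
}

$db = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if (!$db) {
    exit('connect failed: ' . mysqli_connect_error());
}
mysqli_set_charset($db, 'utf8mb4');       // real_escape_string honours this charset

$variants = build_variants($db, $id);     // inspect these; do not execute the first
$rows     = fetch_by_id($db, $id);
```

Two design points worth noting: stripslashes() is applied only when magic_quotes_gpc is actually on, otherwise a legitimate backslash in the input would be eaten; and mysqli_set_charset() is called before any escaping, because mysqli_real_escape_string() escapes according to the connection's character set, which is the reason to prefer it over the plain mysql_escape_string() named in the reply.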




