Security Basics mailing list archives

Re: PHP filter function against SQL injections
From: Terra Frost <terrafrost () gmail com>
Date: Fri, 09 Feb 2007 06:55:27 -0600

jeffrey rivero wrote:
> Hello
> Good Questions
> ok for the
> 1. Single and double-quotes will be escaped by the function call mysql_escape_string().
> yep but what i am passing does not have " or ' in them think more like or 1 = 1 and assume that your var is a number
> so the injections would look like
Why can't you just cast to an integer?
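
The point of this exchange, as an added example that is not part of the original post: quote escaping leaves a quote-free value untouched in a numeric context, while an integer cast does not. The table, rows and function names are constructed for illustration, addslashes() stands in for mysql_escape_string(), and the last function goes one step beyond the reply by rejecting the value and binding it.

```php
<?php
// Added illustration: table, column and function names are hypothetical,
// and the rows are constructed sample data (in-memory SQLite, needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Escaping only: the value is placed in a numeric (unquoted) context.
// addslashes() stands in for mysql_escape_string() (removed in PHP 7);
// both leave a value without quotes or backslashes unchanged.
function lookup_escaped(PDO $db, string $input): array
{
    $sql = 'SELECT name FROM users WHERE id = ' . addslashes($input);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Cast to integer, as the reply suggests: PHP keeps the leading digits and
// drops the rest, so only a number reaches the query.
function lookup_cast(PDO $db, string $input): array
{
    $sql = 'SELECT name FROM users WHERE id = ' . (int) $input;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Stricter variant (an addition beyond the reply): reject non-integers
// instead of truncating them, and bind the value.
function lookup_strict(PDO $db, string $input): array
{
    $id = filter_var($input, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $stmt = $db->prepare('SELECT name FROM users WHERE id = ?');
    $stmt->bindValue(1, $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$input = '1 or 1 = 1'; // the quote-free value from the quoted message
echo 'escaped: ', implode(',', lookup_escaped($db, $input)), "\n";
echo 'cast:    ', implode(',', lookup_cast($db, $input)), "\n";
try {
    lookup_strict($db, $input);
} catch (InvalidArgumentException $e) {
    echo 'strict:  rejected (', $e->getMessage(), ")\n";
}
```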
