Security Basics mailing list archives
Re: PHP filter function against SQL injections
From: Terra Frost <terrafrost () gmail com>
Date: Fri, 09 Feb 2007 06:55:27 -0600
jeffrey rivero wrote:
> Hello
> Good Questions
> ok for the
> 1.Single and double-quotes will be escaped by the function call mysql_escape_string().
> yep but what i am passing does not have " or ' in them think more like or 1 = 1 and assume that your var is a number
> so the injections would look like

Why can't you just cast to an integer?
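The exchange above, as an added example that is not part of the original message or thread: quote escaping leaves a value in an unquoted numeric context unchanged, an integer cast neutralises it, and strict validation with a bound parameter rejects it outright. The `users` table, the function names, SQLite in memory (via PDO) standing in for MySQL, and `addslashes()` standing in for `mysql_escape_string()` are all assumptions made for illustration.

```php
<?php
// Added example: constructed table and inputs. Assumes the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Hypothetical stand-in for mysql_escape_string() (the mysql extension was
// removed in PHP 7): like it, addslashes() escapes ' and " but not bare SQL.
function escape_quotes(string $v): string
{
    return addslashes($v);
}

// "Before": the escaped value is concatenated into an unquoted numeric context.
function rows_escaped(PDO $db, string $id): int
{
    $sql = 'SELECT name FROM users WHERE id = ' . escape_quotes($id);
    return count($db->query($sql)->fetchAll());
}

// The reply's suggestion: cast to integer before building the query.
// The cast keeps only the leading digits, so malformed input is silently
// truncated rather than rejected.
function rows_cast(PDO $db, string $id): int
{
    $sql = 'SELECT name FROM users WHERE id = ' . (int) $id;
    return count($db->query($sql)->fetchAll());
}

// Stricter variant: reject anything that is not an integer, then bind it.
function rows_validated(PDO $db, string $id): ?int
{
    $n = filter_var($id, FILTER_VALIDATE_INT);
    if ($n === false) {
        return null; // caller should treat this as a bad request
    }
    $stmt = $db->prepare('SELECT name FROM users WHERE id = ?');
    $stmt->execute([$n]);
    return count($stmt->fetchAll());
}

// Constructed inputs: a well-formed id and the quote-free value from the thread.
foreach (['2', '1 or 1 = 1'] as $input) {
    printf("%-12s escaped=%d cast=%d validated=%s\n", $input,
        rows_escaped($db, $input), rows_cast($db, $input),
        json_encode(rows_validated($db, $input)));
}
```

Comparing the three row counts for the second input shows the difference between the approaches: the escaped query matches every row, the cast query matches the row for id 1, and the validated path returns `null` without querying.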