Vulnerability Development mailing list archives
Re: sql injection and php
From: "Sverre H. Huseby" <shh () thathost com>
Date: Wed, 29 May 2002 23:05:54 +0200
[Greg Hunt]

|   I thought either PHP or MySQL won't allow more than one query in a
|   mysql_query() call.

PostgreSQL (which I use) supports it.  MySQL did not support it the
last time I checked (a long time ago), but I found a TODO item that
stated it should be supported in the future.

I still think it is a bad idea to let anyone pass whatever they wish
to the database.  What happens when you upgrade your database to a
product/version that supports what the original database did not?
Who is responsible for fixing the new security problems?  Will anyone
realise that you have any problems to fix at all, as soon as all
functionality is in place?

Letting it through because "the database I currently use does not
support it" has very little to do with secure programming.  In my
humble opinion.

Sverre.

-- 
shh () thathost com          Computer Geek?  Try my Nerd Quiz
http://shh.thathost.com/     http://nerdquiz.thathost.com/
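The upgrade scenario raised in the message above, as an added example that is not part of the original post: Python's sqlite3 module stands in for the PHP database layers under discussion, since its execute() accepts one statement per call while executescript() accepts several. All function names and the sample input are constructed for illustration.

```python
import sqlite3

# Constructed input: a form value that carries a second SQL statement.
HOSTILE = "x'; DELETE FROM users; --"

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO users (name) VALUES ('alice'), ('bob');
    """)
    return db

def count_users(db):
    return db.execute("SELECT COUNT(*) FROM users").fetchone()[0]

def lookup_concat_single(db, name):
    """String-built SQL sent through a one-statement-per-call API."""
    sql = "SELECT id FROM users WHERE name = '" + name + "'"
    try:
        return db.execute(sql).fetchall()
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        return None  # the driver refused the multi-statement string

def lookup_concat_multi(db, name):
    """The same string sent through an API that accepts several statements."""
    db.executescript("SELECT id FROM users WHERE name = '" + name + "'")

def lookup_bound(db, name):
    """Value passed as a bound parameter: it is data under either API."""
    return db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

def demo():
    """Rows left in users after each lookup style handles HOSTILE."""
    remaining = {}
    for label, lookup in [("concat, single-statement API", lookup_concat_single),
                          ("concat, multi-statement API", lookup_concat_multi),
                          ("bound parameter", lookup_bound)]:
        db = make_db()
        lookup(db, HOSTILE)
        remaining[label] = count_users(db)
    return remaining

if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows} rows remain")
```

The concatenated query is only harmless while the driver happens to reject a second statement; the bound-parameter version does not depend on that behaviour.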