Vulnerability Development mailing list archives
Is this PHP code secure from CSS ?
From: "kha" <kha.kha () laposte net>
Date: Fri, 26 Sep 2003 17:21:33 +0200
Hi, I've got an intranet website (apache/php/mysql) on which i use this php code for the admin authentification : $login = mysql_escape_string($post-login); $password = mysql_escape_string($post-password); $lines = performQuery("select id from users where name='$login' and pass='$password'"); Do i need only the mysql_escape_string function to prevent sql injections in the form or i should perform other checks ? NB : passwords are not yet encrypted in the database. Thanks in advance, Mathieu.
Current thread:
- Is this PHP code secure from CSS ? kha (Sep 26)
- Re: Is this PHP code secure from CSS ? Cedric Blancher (Sep 26)