Vulnerability Development mailing list archives

Re: sql injection and php


From: Florian Weimer <Weimer () CERT Uni-Stuttgart DE>
Date: Wed, 29 May 2002 11:54:19 +0200

Jacek Lach <jlach () utopia pl eu org> writes:

> Does the magic_quotes in PHP's configuration resolve the problem of SQL
> injection?

It depends.  If your database uses the same escaping strategy as PHP,
it may be safe.

-- 
Florian Weimer                    Weimer () CERT Uni-Stuttgart DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898
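
The dependency described in the reply above, as an added example that is not part of the original message: a Python emulation of PHP's `addslashes()` (the backslash escaping that magic_quotes applies) is checked against a database that follows the SQL-standard rule of doubling single quotes. SQLite is used here as an assumed stand-in for such a database, and all function names and sample values are constructed for illustration.

```python
import sqlite3

def addslashes(value: str) -> str:
    """Emulate PHP addslashes(): backslash-escape ', ", \\ and NUL."""
    out = []
    for ch in value:
        if ch == "\0":
            out.append("\\0")
        elif ch in ("'", '"', "\\"):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def double_quotes(value: str) -> str:
    """SQL-standard literal escaping: a single quote is written twice."""
    return value.replace("'", "''")

def round_trip(conn, value, escape):
    """Embed escape(value) in a string literal and report what the database parsed.

    Returns 'ok' if the database read back exactly `value`, 'altered' if it
    read something else, and 'broken' if the literal no longer parses as one.
    """
    sql = "SELECT '" + escape(value) + "'"
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error:
        return "broken"
    return "ok" if row[0] == value else "altered"

def bound(conn, value):
    """Parameter binding: the value never passes through the SQL parser."""
    row = conn.execute("SELECT ?", (value,)).fetchone()
    return "ok" if row[0] == value else "altered"

def survey():
    """Map each sample to (addslashes, quote doubling, bound parameter) results."""
    conn = sqlite3.connect(":memory:")
    samples = ["plain", "O'Brien", "C:\\temp"]  # constructed sample inputs
    return {s: (round_trip(conn, s, addslashes),
                round_trip(conn, s, double_quotes),
                bound(conn, s)) for s in samples}

if __name__ == "__main__":
    for value, results in survey().items():
        print(repr(value), results)
```

A "broken" result means the quote was not neutralised for this database, so the string literal ended early; "altered" means the stored data would differ from what the user submitted.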

