user input question
Kristian Hermansen
kristian.hermansen at gmail.com
Tue Apr 3 12:56:01 EDT 2007
On 4/3/07, Eric C <eric at newmag.org> wrote:
> Well if I'm going to ask a question it should probably
> be on the part where I'm most likely to get cracked,
> user input. Below is the page to handle a form on
> index.php. Now stop laughing! It's my first module.
> Anyway, if any of you real programmers see any
> particularly idiotic screwups please let me know. A
> friend mentioned that I should sanitize the users
> input. Any suggested reading on some simple ways to
> do this? Thanks for suggestions.
User controls the $hash variable. You use this in your SQL query, right?
$query = "SELECT DISTINCT hash FROM ".$xoopsDB->prefix('xps_torrents'). " WHERE hash = '$hash'";
What if a malicious user sets his POST variable for $hash to be...
validhash';DROP TABLE <your table name here>;
--
Kristian Hermansen
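As an added illustration (not code from this thread; Python's sqlite3 stands in for PHP/MySQL and $xoopsDB, with a constructed xps_torrents table): the interpolated query from the post beside its parameterised replacement, run against the payload Kristian describes.

```python
import sqlite3

# Constructed payload, the one from the post with the table name filled in.
PAYLOAD = "validhash';DROP TABLE xps_torrents;"


def make_db():
    """Constructed in-memory stand-in for the xps_torrents table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE xps_torrents (hash TEXT)")
    conn.executemany("INSERT INTO xps_torrents (hash) VALUES (?)",
                     [("validhash",), ("otherhash",)])
    conn.commit()
    return conn


def table_exists(conn):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type='table' AND name='xps_torrents'"
    ).fetchone()
    return row is not None


def lookup_vulnerable(conn, user_hash):
    """Interpolates user input into the SQL text, as the quoted PHP does.

    executescript() is used because it runs stacked statements one after
    another, like a driver that permits multiple queries. The trailing quote
    left over from the original WHERE clause fails to parse, but by then the
    DROP TABLE has already executed, so the error does not undo the damage.
    """
    query = f"SELECT DISTINCT hash FROM xps_torrents WHERE hash = '{user_hash}'"
    try:
        conn.executescript(query)
    except sqlite3.OperationalError:
        pass  # syntax error on the dangling quote; DROP already ran
    return query


def lookup_safe(conn, user_hash):
    """Parameterised query: the value travels separately from the SQL text,
    so quotes and semicolons inside it are data, never statements."""
    cur = conn.execute(
        "SELECT DISTINCT hash FROM xps_torrents WHERE hash = ?", (user_hash,)
    )
    return [row[0] for row in cur.fetchall()]


if __name__ == "__main__":
    db = make_db()
    print(lookup_safe(db, "validhash"))   # ['validhash']
    print(lookup_safe(db, PAYLOAD))       # []  (treated as a literal, no match)
    print(table_exists(db))               # True
    lookup_vulnerable(db, PAYLOAD)
    print(table_exists(db))               # False
```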