Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

user input question

On 4/3/07, Eric C <eric at> wrote:
> Well if I'm going to ask a question it should probably
> be on the part where I'm most likely to get cracked,
> user input.  Below is the page to handle a form on
> index.php.  Now stop laughing!  It's my first module.
> Anyway, if any of you real programmers see any
> particularly idiotic screwups please let me know.  A
> friend mentioned that I should sanitize the users
> input.  Any suggested reading on some simple ways to
> do this?  Thanks for suggestions.

User controls $has variable.  You use this in your SQL query, right?

".$xoopsDB->prefix('xps_torrents'). " WHERE hash =

What if malicious user sets his POST variable for $hash to be...

validhash';DROP TABLE <your table name here>;
Kristian Hermansen

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /