From: "Tanel Tammik" on 23 Jun 2010 02:53

Hi,

is there a vulnerability with using $_SERVER['REMOTE_ADDR'] in sql queries?

Br
Tanel
From: Peter Lind on 23 Jun 2010 02:59

On 23 June 2010 08:53, Tanel Tammik <keevitaja(a)gmail.com> wrote:
> Hi,
>
> is there a vulnerability with using $_SERVER['REMOTE_ADDR'] in sql queries?
>

With any and all input to sql queries: escape the input. Then you don't have to ask the question.

Regards
Peter

--
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15
</hype>
From: Simon J Welsh on 23 Jun 2010 03:01

There's a vulnerability in using anything from the user in SQL queries. Escape it :)

On 23/06/2010, at 6:53 PM, Tanel Tammik wrote:
> Hi,
>
> is there a vulnerability with using $_SERVER['REMOTE_ADDR'] in sql queries?
>
> Br
> Tanel
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

---
Simon Welsh
Admin of http://simon.geek.nz/

Who said Microsoft never created a bug-free program? The blue screen never, ever crashes!

http://www.thinkgeek.com/brain/gimme.cgi?wid=81d520e5e
From: Adam Richardson on 23 Jun 2010 03:03

On Wed, Jun 23, 2010 at 2:53 AM, Tanel Tammik <keevitaja(a)gmail.com> wrote:
> Hi,
>
> is there a vulnerability with using $_SERVER['REMOTE_ADDR'] in sql queries?
>
> Br
> Tanel
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

As long as you treat it with the same caution that you do general form input (e.g., proper validation, escaping for mysql or using prepared statements, etc.), you'll be fine ;)

Adam

--
Nephtali: PHP web framework that functions beautifully
http://nephtaliproject.com
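Added example, not part of any poster's message or of the original thread: the "validate, then use a prepared statement" handling mentioned in the replies above, applied to REMOTE_ADDR with PDO. The `visits` table, the `log_visit()` function and the in-memory SQLite database are assumptions chosen so the script runs on its own.

```php
<?php
// Added example (not from the thread). The `visits` table and log_visit()
// are hypothetical names; in-memory SQLite keeps the script self-contained.
declare(strict_types=1);

function log_visit(PDO $db, array $server): bool
{
    // Validate: the value must parse as an IPv4 or IPv6 literal.
    $ip = filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP);
    if ($ip === false) {
        return false; // reject instead of storing something that is not an address
    }

    // Bind: the value is sent as a parameter and never becomes part of the SQL text.
    $stmt = $db->prepare('INSERT INTO visits (ip, seen_at) VALUES (:ip, :seen_at)');
    return $stmt->execute([':ip' => $ip, ':seen_at' => gmdate('c')]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE visits (ip TEXT NOT NULL, seen_at TEXT NOT NULL)');

// Constructed sample inputs standing in for $_SERVER.
$samples = [
    ['REMOTE_ADDR' => '203.0.113.7'],
    ['REMOTE_ADDR' => '2001:db8::1'],
    ['REMOTE_ADDR' => "203.0.113.7'; DROP TABLE visits; --"],
    [], // key missing entirely (e.g. a CLI run)
];

foreach ($samples as $server) {
    $shown = $server['REMOTE_ADDR'] ?? '(unset)';
    echo str_pad($shown, 40), log_visit($db, $server) ? "stored\n" : "rejected\n";
}

echo 'rows: ', $db->query('SELECT COUNT(*) FROM visits')->fetchColumn(), "\n";
```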
From: Rene Veerman on 23 Jun 2010 03:06

Unlikely. It's an Apache-delivered IP address. Very little chance of insert vulnerabilities, IMHO.

On Wed, Jun 23, 2010 at 8:53 AM, Tanel Tammik <keevitaja(a)gmail.com> wrote:
> Hi,
>
> is there a vulnerability with using $_SERVER['REMOTE_ADDR'] in sql queries?
>
> Br
> Tanel
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

--
---------------------------------
Greetings from Rene7705,

My free open source webcomponents:
http://code.google.com/u/rene7705/
http://mediabeez.ws/downloads (and demos)

My music (I'm DJ firesnake)
http://mediabeez.ws/music

http://www.facebook.com/rene7705
---------------------------------