[colug-432] PHP code question?

Rick Hornsby richardjhornsby at gmail.com
Mon Dec 21 14:22:14 EST 2015


> On Dec 21, 2015, at 12:41, Vince Herried <Vince at PlanetVince.com> wrote:
> 
> I changed it to letter=   
> Problem solved...   Well now I have to watch out for SQL injection, but since I only allow a single char, easy
> 

Watch out: if that one character is ‘;’ you could be in trouble.  Always, always validate/sanitize your user-derived inputs, and use prepared statements (or your DB’s equivalent of input handling) when talking to the DB - reads and writes.

Avoiding SQL injection is fairly easy.  If you do absolutely nothing else with the data, find out what your DB engine uses for parameterized queries and always parameterize any user-land inputs.

Never take user input at literal value.  Especially for web-based applications.
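As an added illustration of the advice above (this is example code written for this archive page, not code from either poster), here is a small PHP script that does both things Rick recommends: it validates the `letter` parameter down to exactly one ASCII letter, and it sends that value to the database as a bound parameter of a PDO prepared statement rather than splicing it into the SQL text. The `words` table, the sample rows and the in-memory SQLite database are all constructed here so the script runs stand-alone on a PHP CLI with the `pdo_sqlite` extension; the function names are assumptions, not part of any project.

```php
<?php
// Added example for the thread above (not the original poster's code).
// Assumes: PHP CLI with pdo_sqlite; a table `words(word TEXT)` that is
// constructed below with a few sample rows so everything runs offline.

declare(strict_types=1);

function connect(): PDO {
    $pdo = new PDO('sqlite::memory:');
    // Throw on SQL errors so a broken query cannot silently return nothing.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE words (word TEXT NOT NULL)');
    $ins = $pdo->prepare('INSERT INTO words (word) VALUES (?)');
    // Constructed sample rows; one deliberately contains a single quote.
    foreach (['apple', 'avocado', 'banana', "o'clock"] as $w) {
        $ins->execute([$w]);
    }
    return $pdo;
}

/**
 * Validation step: accept exactly one ASCII letter, reject everything else.
 * Returns the normalised letter, or null when the input is not acceptable.
 */
function validateLetter(?string $input): ?string {
    if ($input === null || !preg_match('/^[A-Za-z]$/', $input)) {
        return null;
    }
    return strtolower($input);
}

/**
 * UNSAFE, shown only for contrast: the user value becomes part of the SQL
 * text, so a character such as a single quote changes the statement itself.
 */
function findWordsUnsafe(PDO $pdo, string $letter): array {
    $sql = "SELECT word FROM words WHERE word LIKE '" . $letter . "%'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

/**
 * SAFE: the value travels as a bound parameter. The database engine never
 * parses it as SQL, so a quote or semicolon is just data to match against.
 */
function findWordsSafe(PDO $pdo, string $letter): array {
    $stmt = $pdo->prepare('SELECT word FROM words WHERE word LIKE :prefix');
    $stmt->execute([':prefix' => $letter . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = connect();

// Layer 1: validation. Only a single letter gets through.
foreach (['a', "'", ';', 'ab'] as $raw) {
    $letter = validateLetter($raw);
    if ($letter === null) {
        printf("%s rejected by validation\n", var_export($raw, true));
        continue;
    }
    printf("%s -> %s\n", $letter, implode(', ', findWordsSafe($pdo, $letter)));
}

// Layer 2: parameterisation. Even if validation were missing, the prepared
// statement treats a lone quote as a literal prefix (no word starts with it).
printf("safe query with \"'\": %d rows\n", count(findWordsSafe($pdo, "'")));

// The concatenated version, by contrast, produces invalid SQL and fails.
try {
    findWordsUnsafe($pdo, "'");
} catch (PDOException $e) {
    echo "unsafe query failed: " . $e->getMessage() . "\n";
}
```

The two layers are independent on purpose: the validation keeps junk out of the application, and the prepared statement guarantees that whatever does reach the database is handled as a value and not as part of the statement. Running the script prints the `a`-prefixed words for the valid input, three rejections, zero rows for the safe query with a quote, and a syntax error from the concatenated query.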