At 4:54 PM -0400 4/28/10, David Stoltz wrote:
My concern is passing SQL queries in this way is not best practice - am
I wrong? Please let me know how you would react to this?
David:
First, you are not wrong.
Second, that's exactly the type of security risk you want to protect
yourself from.
Hi all,
I am learning PHP and found this problem to be interesting.
I personally would never do this myself. All the manuals I have read
strictly prohibit this type of behavior.
Wouldn't you just have them run the queries on their end and send you
the results instead of the query itself?
Cur
On Wed, Apr 28, 2010 at 4:02 PM, Andre Polykanine wrote:
> Hello David,
>
> I'm not a PHP god but I would never ever do such things. I can't even
> imagine what can be the reason of passing an SQL query through a
> form...
> --
> With best regards from Ukraine,
> Andre
> Skype: Francophile; Wlm&MS
David Stoltz wrote:
Hi folks,
This isn't really a PHP question per se, but could apply to any
language...
I have a public facing web server, which we have a software component
that helps protect us from SQL Injection, and the like.
We recently have added a very small web application that is ve
On Wed, Apr 28, 2010 at 04:54:56PM -0400, David Stoltz wrote:
> Hi folks,
>
> This isn't really a PHP question per se, but could apply to any
> language...
>
> I have a public facing web server, which we have a software component
> that helps protect us from SQL Injection, and the
Hello David,
I'm not a PHP god but I would never ever do such things. I can't even
imagine what can be the reason of passing an SQL query through a
form...
--
With best regards from Ukraine,
Andre
Skype: Francophile; Wlm&MSN: arthaelon @ yandex.ru; Jabber: arthaelon @
jabber.org
Yahoo! messenger: