Re: the script wont work and i cant find anything wrong please help
- From: Erwin Moller <since_humans_read_this_I_am_spammed_too_much@xxxxxxxxxxxxxxxx>
- Date: Fri, 01 Dec 2006 14:00:44 +0100
plemon wrote:
and the server I'm on is locked down like Saddam so they're not getting
in to do that and my ftp yeah sure they can try to crack it heh
It is a common mistake to think you are safe if the server is all right.
If the programmers on the secure server make mistakes, the server cannot do
a thing about it.
If your server is military strength, and runs a webserver running PHP
without magic_quotes_gpc, it is very easy to use SQL-injection, no matter
how 'safe' the server is.
Security is no magic. And it starts with programmers taking it seriously.
If you do not know what SQL-injection is, chances are you didn't write safe
code.
Really, I warned you 3 times in this thread, and you still don't listen.
So my advice is once again: Do yourself a favor, and make sure you
understand what SQL-injection is and how to protect yourself.
Google for it, understand it, then program the rest of your site.
Regards,
Erwin Moller
Erwin Moller wrote:
so many sites so little time wrote:
alright so i deleted the part about you must have made a mistake in
using this page
and added
if (!$r) {
// There was an error
// for simplicity sake, I'll just print it and exit
exit('Error in query (' . $query . '): ' . mysql_error());
}
and as you can see at kirewire.com/pp2/update_site.php
all it says now is you must have made a mistake in your query
again the queries are:
<snip>
// Define the query.
$query = "UPDATE home SET header='{$_POST['header']}',
Did you fix the SQL-injection vulnerability I was warning you about?
No.
Reread my post.
Do yourself a favor and fix it.
Regards,
Erwin Moller
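
Added example (not part of the original posts): the interpolated UPDATE pattern quoted in the thread, next to the same statement sent with a bound parameter through PDO. The in-memory SQLite database, the `id` and `content` columns, the WHERE clause and the sample input are assumptions made so the script runs on its own; only the `home` table and `header` column come from the post.

```php
<?php
// Added example, not code from the thread. Assumed schema: only `home`
// and `header` appear in the post; `id` and `content` are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE home (id INTEGER PRIMARY KEY, header TEXT, content TEXT)");
$db->exec("INSERT INTO home (id, header, content) VALUES (1, 'old header', 'original body')");

// Constructed form input standing in for $_POST['header'].
$header = "News', content='replaced by the header field";

// Returns the current row so both variants can be compared.
function show(PDO $db, string $label): void
{
    $row = $db->query("SELECT header, content FROM home WHERE id = 1")
              ->fetch(PDO::FETCH_ASSOC);
    echo "{$label}: header=[{$row['header']}] content=[{$row['content']}]\n";
}

// Pattern from the thread: the value is pasted into the SQL text, so the
// apostrophe ends the string literal and the remainder is parsed as SQL.
$query = "UPDATE home SET header='{$header}' WHERE id = 1";
$db->exec($query);
show($db, 'interpolated');

// Reset the row, then send the same value as a bound parameter. The SQL
// text is fixed; the value travels separately and is stored verbatim.
$db->exec("UPDATE home SET header='old header', content='original body' WHERE id = 1");
$stmt = $db->prepare("UPDATE home SET header = :header WHERE id = :id");
$stmt->execute([':header' => $header, ':id' => 1]);
show($db, 'bound');
```

With the interpolated query the `content` column changes even though only the header field was submitted; with the bound parameter the whole input, apostrophes included, ends up in `header` and `content` is untouched.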