Re: the script wont work and i cant find anything wrong please help



So you are saying I should have magic quotes turned on? I'm reading up
more on SQL injection at the moment; I still don't understand it at all.

On Dec 1 2006, 8:00 am, Erwin Moller
<since_humans_read_this_I_am_spammed_too_m...@xxxxxxxxxxxxxxxx> wrote:
plemon wrote:
And the server I'm on is locked down like Saddam, so they're not getting
in to do that, and my FTP, yeah, sure, they can try to crack it, heh.

It is a common mistake to think you are safe if the server is all right.
If the programmers on the secure server make mistakes, the server cannot do
a thing about it.
If your server is military strength, and runs a webserver running PHP
without magic_quotes_gpc, it is very easy to use SQL-injection, no matter
how 'safe' the server is.
Security is no magic. And it starts with programmers taking it seriously.

If you do not know what SQL-injection is, chances are you didn't write safe
code.

Really, I warned you 3 times in this thread, and you still don't listen.
So my advice is once again: do yourself a favor, and make sure you
understand what SQL injection is and how to protect yourself.
Google for it, understand it, then program the rest of your site.

Regards,
Erwin Moller

Erwin Moller wrote:
so many sites so little time wrote:

Alright, so I deleted the part about "you must have made a mistake in
using this page"
and added
if (!$r) {
// There was an error
// for simplicity sake, I'll just print it and exit
exit('Error in query (' . $query . '): ' . mysql_error());
}
and as you can see at kirewire.com/pp2/update_site.php,
all it says now is "you must have made a mistake in your query".

Again, the queries are:

<snip>
// Define the query.
$query = "UPDATE home SET header='{$_POST['header']}',

Did you fix the SQL-injection vulnerability I was warning you about?
No.
Reread my post.
Do yourself a favor and fix it.

Regards,
Erwin Moller
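The query quoted above pastes $_POST['header'] straight into the SQL text, which is the SQL-injection problem Erwin keeps pointing at and also the likely reason the page reports a query error. The following is an added example, not code from the thread or from kirewire.com: it shows that pattern next to a prepared statement, using an in-memory SQLite database through PDO so it runs stand-alone. The table name "home" and column "header" are taken from the quoted query; the row id and the $header value (standing in for $_POST['header']) are constructed for the example.

```php
<?php
// Added example, not the poster's code. In-memory SQLite via PDO so it
// runs without a MySQL server; "home" and "header" come from the thread,
// the id column and the sample row are assumptions for this example.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE home (id INTEGER PRIMARY KEY, header TEXT)");
$db->exec("INSERT INTO home (id, header) VALUES (1, 'old header')");

// Constructed input: an ordinary value that happens to contain an apostrophe,
// the kind of thing a user types into a form field.
$header = "Bob's PHP page";

// Vulnerable pattern, as in the thread: the submitted value becomes part of
// the SQL statement itself. With this value the query simply breaks (the
// apostrophe ends the string literal early); other inputs would change what
// the statement does rather than break it.
function updateUnsafe(PDO $db, string $header): string {
    $query = "UPDATE home SET header='{$header}' WHERE id=1";
    try {
        $db->exec($query);
        return 'ok';
    } catch (PDOException $e) {
        return 'Error in query (' . $query . '): ' . $e->getMessage();
    }
}

// Hardened pattern: a prepared statement sends the SQL and the data
// separately, so the value is stored exactly as typed whatever characters it
// contains. This is the fix being asked for; magic_quotes_gpc only escapes
// quotes in incoming data and is not a substitute for it.
function updateSafe(PDO $db, string $header): string {
    $stmt = $db->prepare("UPDATE home SET header = :header WHERE id = 1");
    $stmt->execute([':header' => $header]);
    return $db->query("SELECT header FROM home WHERE id = 1")->fetchColumn();
}

echo updateUnsafe($db, $header), "\n";
echo updateSafe($db, $header), "\n";
```

The first call reports a query error of the same shape the poster sees, while the second stores the value intact; the prepared statement is the change to make to the UPDATE in update_site.php.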
