Re: nooB PhP login using MySQL

From: nospam@xxxxxxxxxxxxxxxx (Rafe Culpin)
Date: Fri, 30 Mar 2007 10:20 +0100 (BST)

In article <u0cp03562monb4e54ets3488i3eems6acc@xxxxxxx>,
blthecat@xxxxxxxxxxx (Geoff Berrow) wrote:

The process is to take the supplied username and password and do a
database query to see if there is a row containing that combination. Of
course, this presupposes that you ensured that the combination was
unique before storing in the database. If a row is found the log in is
successful.

*IMPORTANT*
Before doing this and putting it on a public site, google "SQL injection
attack" (with quotes) and make sure you understand the implications and
have guarded against them. If you do not do this an attacker can run
arbitrary SQL commands on your database.

--
To reply email rafe, at the address cix co uk
.

Follow-Ups:
- Re: nooB PhP login using MySQL
  - From: Geoff Berrow

References:
- Re: nooB PhP login using MySQL
  - From: Geoff Berrow

Prev by Date: Re: What is the learning curve for PHP?
Next by Date: Re: Video upload and playback
Previous by thread: Re: nooB PhP login using MySQL
Next by thread: Re: nooB PhP login using MySQL
Index(es):
- Date
- Thread

Relevant Pages

Re: How to properly manage a custom profile?
... Besides, use fuckin' gmail, it ... effort to extort money out of them by saying they'll continue to attack ... Why would anyone want to put an IP in a database, ... Clearly evidenced by your paranoid delusions. ...
(comp.os.linux.setup)
Re: Analyze this Game
... that database have? ... Strong players like GM Alekhine have played ... in which White players try to "attack" desperately, ... and most of the recent games I found ...
(rec.games.chess.computer)
RE: FUD - was FAX a virus
... Security is a risk function as I have stated time and ... In relation to the sending of faxed data, being OCR'd into a database, I ... manner or method in which a fax stream could be used to administer the ... To attack Oracle over a data stream such as was mentioned in the ...
(Security-Basics)
Re: nooB PhP login using MySQL
... database query to see if there is a row containing that combination. ... this presupposes that you ensured that the combination was ... attack" and make sure you understand the implications and ... arbitrary SQL commands on your database. ...
(comp.lang.php)
Re: SQL Injection
... A "best practice" solution has been partially discussed. ... the input from executing on the database. ... server which they will use to create a more advanced attack. ... > Dim prm As SqlParameter ...
(microsoft.public.dotnet.framework.aspnet.security)