I was trying to think up a nice, simple solution to SQL injection while
pondering my top ten vulnerability list. Here's something I came up with.
Tell me what you think.
function sql() {
$args = func_get_args() ;
$format = array_shift($ar gs);
for($i = 0, $l = count($args); $i < $l; $i++) {
$args[$i] = mysql_escape_st ring($args[$i]);
}
return vsprintf($forma t, $args);
}
$sql = sql("SELECT * FROM tblChicken WHERE pkChicken = %d", $id)
sql() takes variables passed to it, escape them for quotes, and insert them
into a SQL template. Variables that are supposed to be numeric will get cast
into int automatically by vsprintf().
0  1356  This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: stirrell |
last post by:
Hello,
One problem that I had been having is stopping email injections on
contact forms. I did some research, read up on it and felt like I had
created a working solution. I hadn't gotten any suspicious bouncebacks
in quite some time and got many custom alerts I had set up for
notifying me of injection attempts. However, just the other day,...
|
by: |
last post by:
There are assorted "SQL Injection vulnerability assessment tools" out there.
They scan your site and send your report. They also take your money.
We don't have the money so I was wondering if I could replicate the tool's
behavior myself. I am guessing that they work by attempting a
non-destructive injection attack against your DB and...
|
by: Sudhakar |
last post by:
A) validating username in php
as part of a registration form a user fills there desired username and
this is stored in a mysql. there are certain conditions for the
username.
a) the username should only begin either letters or numbers, and
Underscore character
example = user123, 123user, u_ser123, user_123 = completely case
insensitive
|
by: shank |
last post by:
I've been hit again using DW, parameterized queries and stored procedures.
I'm guessing I was not strict enough with character counts and allowing to
long of a string to pass.
Aside from that, as crude as it may be, is the below enough to stop these
attacks? If not, how would they get around this?
<%
If Instr(Request.QueryString("http"))...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
| | |
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it. ...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...
| |
