Author #30274 [Opn->Csd]: Error in SQL injection example in manual page for mysql_real_es
vrana@php.net

2004-09-29, 8:04 pm

ID: 30274
Updated by: vrana@php.net
Reported By: troels at arvin dot dk
-Status: Open
+Status: Closed
Bug Type: Documentation problem
PHP Version: Irrelevant
New Comment:

This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation
better.




Previous Comments:
------------------------------------------------------------------------

[2004-09-29 13:37:56] troels at arvin dot dk

Description:
------------
The manual page for mysql_real_escape_string() has a section on the
danger of SQL injection; that's nice.

However, the example used to illustrate the danger is wrong and
misleading, as far as I can see.

The page states
....
// We didn't check $_POST['password'], it could be anything the user wanted! For example:
$_POST['username'] = 'aidan';
$_POST['password'] = "' OR 1=1";
....

However, setting $_POST['password'] to
' OR 1=1
will result in a query like this, which isn't very dangerous because
it's a syntax error:
SELECT * FROM users WHERE name='aidan' AND password='' OR 1=1'

A better example of a dangerous value of $_POST['password'] would be:
' OR ''='
because it would result in this query:
SELECT * FROM users WHERE name='aidan' AND password='' OR ''=''




------------------------------------------------------------------------


--
Edit this bug report at http://bugs.php.net/?id=30274&edit=1

Copyright 2008 codecomments.com