RE: [PHP-DB] storing images in database
| Gareth Heyes 2005-01-26, 3:56 pm |
| >> if(isset($_GET['id'])) {
This is a really bad example, anybody can inject your query with
malicious SQL commands.
Never trust user supplied data.
| |
| Bastien Koert 2005-01-26, 3:56 pm |
| Yes, I totally agree. This was merely sample code of how it could be done,
not a definitive code sample of how to do it securely. There should be way
more validation, and better error handling too.
Bastien
>From: Gareth Heyes <gareth@ignited.co.uk>
>To: php-db@lists.php.net
>CC: bastien_k@hotmail.com
>Subject: RE: [PHP-DB] storing images in database
>Date: Wed, 26 Jan 2005 13:30:45 +0000
>
>
>This is a really bad example, anybody can inject your query with malicious
>SQL commands.
>Never trust user supplied data.
>
>
| |
| Chip Wiegand 2005-01-26, 3:56 pm |
| Thanks for all the tips, guys. I'll keep the last couple for future
reference.
--
Chip
Gareth Heyes <gareth@ignited.co.uk> wrote on 01/26/2005 05:30:45 AM:
>
> This is a really bad example, anybody can inject your query with
> malicious SQL commands.
> Never trust user supplied data.
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
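The point raised in this thread, as an added example that is not code from any of the posters: looking up a stored image by `$_GET['id']` with the value validated as a positive integer and bound to a prepared statement, plus basic error handling. The `images` table, its columns, the `fetchImage` helper and the sample inputs are assumptions constructed for illustration; it uses PDO with an in-memory SQLite database so it runs offline.

```php
<?php
// Added example: table/column names (images, id, mime_type, data) and
// the fetchImage() helper are assumptions, not code from the thread.

function fetchImage(PDO $pdo, $rawId): ?array
{
    // Accept only a positive integer; "1 OR 1=1", arrays, "" and negatives fail here.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The value is bound as a typed parameter, never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT mime_type, data FROM images WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE images (id INTEGER PRIMARY KEY, mime_type TEXT, data BLOB)');
$ins = $pdo->prepare('INSERT INTO images (mime_type, data) VALUES (?, ?)');
$ins->execute(['image/png', "\x89PNG constructed bytes"]);
$ins->execute(['image/gif', 'GIF89a constructed bytes']);

// Constructed inputs standing in for $_GET['id'].
$inputs = ['1', '2', '99', '1 OR 1=1', '1; DROP TABLE images', '-5', '', ['1']];
foreach ($inputs as $input) {
    try {
        $img = fetchImage($pdo, $input);
    } catch (PDOException $e) {
        // Log the detail server-side; do not echo database errors to the client.
        error_log('image lookup failed: ' . $e->getMessage());
        $img = null;
    }
    $result = $img ? $img['mime_type'] : 'rejected or not found';
    printf("%-26s => %s\n", json_encode($input), $result);
}
```

Only `'1'` and `'2'` return a row; every other input is either rejected by the integer check before a query is issued or, for `'99'`, matches no row.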