Code Comments
Programming Forum and web based access to our favorite programming groups.
#30274 [Opn->Csd]: Error in SQL injection example in manual page for mysql_real_escape_string()ID: 30274 Updated by: vrana@php.net Reported By: troels at arvin dot dk -Status: Open +Status: Closed Bug Type: Documentation problem PHP Version: Irrelevant New Comment: This bug has been fixed in the documentation's XML sources. Since the online and downloadable versions of the documentation need some time to get updated, we would like to ask you to be a bit patient. Thank you for the report, and for helping us make our documentation better. Previous Comments: ------------------------------------------------------------------------ [2004-09-29 13:37:56] troels at arvin dot dk Description: ------------ The manual page for mysql_real_escape_string() has a section on the danger of SQL injection; that's nice. However, the example used to illustrate the danger is wrong and misleading, as far as I can see. The page states ... // We didn't check $_POST['password'], it could be anything the user wanted! For example: $_POST['username'] = 'aidan'; $_POST['password'] = "' OR 1=1"; ... However, setting $_POST['password'] to ' OR 1=1 will result in a query like this, which isn't very dangerous because it's a syntax error: SELECT * FROM users WHERE name='aidan' AND password='' OR 1=1' A better example of a dangerous value of $_POST['password'] would be: ' OR ''=' because it would result in this query: SELECT * FROM users WHERE name='aidan' AND password='' OR ''='' ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=30274&edit=1
Post Follow-up to this message
Sponsored Links
Show a Printable Version
Email This Page to Someone!
Receive updates to this thread
Powered by vBulletin
Copyright 2000-2006 Jelsoft Enterprises Limited.
