Date: 09/30/00
- Next message: Sebastian Bergmann: "[PHP] Number of weeks for a given month"
- Previous message: Bjorn Andre Lie: "[PHP] DB-License usage"
- Next in thread: Cary Collett: "Re: [PHP] How to improve sql query security using php?"
- Reply: Cary Collett: "Re: [PHP] How to improve sql query security using php?"
- Reply: Mark Maggelet: "[PHP] problem with image button"
- Maybe reply: Richard Creech: "Re: [PHP] How to improve sql query security using php?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi All,
Great list!
I have a simple html form which accepts an email address and password.
I run this query:
SELECT $emailfield, $passwordfield FROM $userstable WHERE $emailfield = '$loginemail'
But what if the user enters the characters "%@%", or other nasty things, for the variable called $loginemail? I understand client-side JavaScript can be easily defeated, and that a LIMIT 1 will work - but not in other queries - which is what I will need. I don't want crackers piping out my complete data set. I need to get a better handle on this security issue. What's the BEST thing I can do here to improve my SQL security using PHP?
Regards,
Richard Creech
http://dreamriver.com
richardc <email protected>
Phone 250.744.3350 Pacific Time
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: php-general-unsubscribe <email protected> For additional commands, e-mail: php-general-help <email protected> To contact the list administrators, e-mail: php-list-admin <email protected>
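
An added example, not part of the original message or of any reply in the thread: the query from the post rewritten with a bound parameter, so that input such as "%@%" or a stray quote is compared as a literal value instead of being parsed as SQL. The table and column names, the PDO/SQLite setup and the sample rows are assumptions made for the illustration.

```php
<?php
// Added example; identifiers and data below are constructed, not from the post.
declare(strict_types=1);

// Table and column names cannot be bound as parameters, so they are fixed
// constants here instead of variables interpolated into the SQL string.
const USERS_TABLE = 'users';          // assumed name
const EMAIL_COL   = 'email';          // assumed name
const HASH_COL    = 'password_hash';  // assumed name

// Look up one user; the e-mail value travels separately from the SQL text.
function findUser(PDO $db, string $loginEmail): ?array
{
    $sql = sprintf(
        'SELECT %s, %s FROM %s WHERE %s = :email',
        EMAIL_COL, HASH_COL, USERS_TABLE, EMAIL_COL
    );
    $stmt = $db->prepare($sql);
    $stmt->execute([':email' => $loginEmail]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Compare the submitted password against the stored hash, never in SQL.
function checkLogin(PDO $db, string $loginEmail, string $password): bool
{
    $row = findUser($db, $loginEmail);
    return $row !== null && password_verify($password, $row[HASH_COL]);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)');
$ins->execute(['alice@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);
$ins->execute(['bob@example.com', password_hash('hunter2', PASSWORD_DEFAULT)]);

// Constructed inputs: a real address, the wildcard string from the post,
// and a value containing quote characters.
$inputs = ['alice@example.com', '%@%', "x' OR '1'='1"];
foreach ($inputs as $in) {
    printf("%-20s matched: %s\n", $in, findUser($db, $in) !== null ? 'yes' : 'no');
}
printf("login ok: %s\n", checkLogin($db, 'alice@example.com', 'correct horse') ? 'yes' : 'no');
```

With `=` as the comparison operator, "%" is an ordinary character; it only acts as a wildcard under LIKE, and a bound value cannot change the structure of the statement in either case.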

