php3-list | 199807
Date: 07/01/98
- Next message: Pablo A. Godel: "Re: [PHP3] when to and when not to mysql_free_result"
- Previous message: Kirsty Darbyshire: "Re: [PHP3] dbm problem"
- Next in thread: Mark Musone: "Re: [PHP3] RGEXP with MySQL"
- Reply: Mark Musone: "Re: [PHP3] RGEXP with MySQL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi there again...
while trying out some queries with mysql upon a database, I discovered
that one can just do a select like
select * from fooTable where foo REGEXP '$search'
and search could be a posted variable from an html form.
and voilà... you would have a powerful search engine... but...
what exactly could be the worst consequences when someone with
superior knowledge about regexes types in a search string that really
would take the mysql-server down to its knees?
and then of course... what can I do to prohibit those exploits and
still offer the REGEXP within the select?
Take care,
A.Anneck
Web-Wizard @ TSE Teleservice GmbH
--------------------------------------
"Gravity can not be made responsible
for people falling in love"
- Albert Einstein.
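One way to keep a user-supplied REGEXP search while limiting what it can cost, shown as an added example that is not part of the original message or of any reply on the list. The function names, the 64-character cap, the 1000 ms limit, the LIMIT value and the PDO connection are assumptions; fooTable and foo are the names used in the message.

```php
<?php
// Added example, not code from the thread. Function names and limits are hypothetical.
const MAX_PATTERN_LEN = 64; // assumed cap; tune for the application

// Accept a conservative regex subset: literals, ".", "^", "$", bracket
// classes and single "*", "+", "?" quantifiers. Returns the pattern or null.
function safe_search_pattern(string $input): ?string
{
    if ($input === '' || strlen($input) > MAX_PATTERN_LEN) {
        return null;
    }
    // Groups, alternation, {n,m} bounds and backslash escapes are refused.
    if (preg_match('/[(){}|\\\\]/', $input)) {
        return null;
    }
    // Stacked quantifiers ("a**") or a leading quantifier are refused.
    if (preg_match('/[*+?]{2,}|^[*+?]/', $input)) {
        return null;
    }
    // Printable ASCII only (no control bytes, no trailing newline).
    return preg_match('/^[\x20-\x7E]+\z/', $input) === 1 ? $input : null;
}

function search_foo(PDO $db, string $rawSearch): array
{
    $pattern = safe_search_pattern($rawSearch);
    if ($pattern === null) {
        return []; // refused patterns never reach the database
    }
    // The pattern is bound as a parameter, so quotes in it cannot alter the SQL.
    // MAX_EXECUTION_TIME is a MySQL optimizer hint (milliseconds) for SELECT.
    $stmt = $db->prepare(
        'SELECT /*+ MAX_EXECUTION_TIME(1000) */ * FROM fooTable WHERE foo REGEXP :pat LIMIT 100'
    );
    $stmt->execute([':pat' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample inputs: show which ones the filter lets through.
$samples = ['^foo.*bar$', "x' OR '1'='1", '(foo|bar)+', 'a{1,9999}', '[0-9]+ items'];
foreach ($samples as $s) {
    printf("%-16s %s\n", $s, safe_search_pattern($s) === null ? 'rejected' : 'accepted');
}
```

The quoted sample passes the filter on purpose: once the pattern is a bound parameter, a quote is only a character to match, so the filter only has to deal with regex cost, not SQL syntax.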

