Re: MySQL (was Re: Notice about seconds overroll - S7K bug)

From: Radu Rendec (radu.rendecat_private)
Date: Mon Sep 17 2001 - 05:34:48 PDT

    On Sun, 16 Sep 2001 16:24:30 -0400 (EDT)
    Dennis Murphy <dmurphyat_private> wrote:
    
    DM> The way I dealt with this in PHP is by writing a function to validate input
    DM> (i.e. Make sure there's nothing but an integer coming in as a parameter).
    DM> There's probably a half-dozen ways to rewrite this function more efficiently,
    DM> but at least it works...
    
    If speed is a concern, there are faster methods to validate GET/POST data.
    One is to cast to int in PHP, like:
    
    $query="select * from my_table where id=".((int)$id);
    
    However, there might be a problem if int is internally represented in
    lower precision in PHP than it is in SQL. Another method is to enclose the
    variable contents in quotes:
    
    $query="select * from my_table where id='".addslashes($id)."'";
    
    --
    Radu Constantin Rendec
    Web Solutions Manager
    iNES Advertising ( http://www.ines.ro )
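An added example (not from the original thread) that puts the three approaches side by side in PHP: a strict validator of the kind Dennis describes, the (int) cast with the precision issue Radu raises, and the quoted form. The function names and the sample inputs are constructed for illustration; only the table name comes from the post.

```php
<?php
// Added example, not code from the original post. Three ways to make sure
// an untrusted "id" parameter reaches MySQL as nothing but an integer.

// 1. Strict validation: accept only an optional sign followed by digits, and
//    reject values outside PHP's integer range instead of silently truncating.
//    (preg_match is stricter than filter_var alone, which tolerates whitespace.)
function validate_id(string $raw): ?int
{
    if (!preg_match('/^-?[0-9]+$/', $raw)) {
        return null;                              // letters, quotes, spaces
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT);
    return $value === false ? null : $value;      // false when out of range
}

// 2. The cast: always yields an integer, but leading-numeric junk such as
//    "42'" becomes 42 and values beyond PHP_INT_MAX saturate, so the query
//    may quietly select a different row than the caller asked for.
function query_by_cast(string $raw): string
{
    return "select * from my_table where id=" . ((int)$raw);
}

// 3. The quoted form: MySQL compares the string literal with its own numeric
//    precision; addslashes() escapes the quote and backslash characters that
//    would otherwise end the literal early (it is not charset-aware, so the
//    database driver's own escaping is the safer choice where available).
function query_by_quote(string $raw): string
{
    return "select * from my_table where id='" . addslashes($raw) . "'";
}

// Constructed inputs: a normal id, trailing junk, non-numeric text, and a
// value one larger than PHP_INT_MAX on a 64-bit build.
$samples = ["42", "42'", "abc", "9223372036854775808"];

foreach ($samples as $raw) {
    $valid = validate_id($raw);
    echo var_export($raw, true), "\n";
    echo "  validate: ", $valid === null ? "reject" : $valid, "\n";
    echo "  cast:     ", query_by_cast($raw), "\n";   // "42'" -> id=42, "abc" -> id=0
    echo "  quoted:   ", query_by_quote($raw), "\n";
}
```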
    



    This archive was generated by hypermail 2b30 : Mon Sep 17 2001 - 09:38:00 PDT