List: General Discussion
From: Daevid Vincent
Date: June 4 2007 10:31pm
Subject: RE: MySQL Magazine - Issue 1 available NOW!!!!
Well, they're PHP syntax to go along with the article about SQL
injection.

According to this page: 
http://dev.mysql.com/doc/refman/5.0/en/comments.html

There are basically three styles of comments.

I just have a wrapper class for all my SQL queries (db.inc.php) and I
added a little cleaning code that strips out anything that looks like
comments. It could be argued that since they're comments already, MySQL
shouldn't parse them, but just to be safe.

The real issue to look for is the ";" (semicolon). I have another
routine that looks for ; and doesn't execute if it finds one outside of
" or ' mark pairs.

d


> -----Original Message-----
> From: Néstor [mailto:rotsen@stripped] 
> Sent: Monday, June 04, 2007 3:01 PM
> To: MySQL General
> Subject: Re: MySQL Magazine - Issue 1 available NOW!!!!
> 
> Can you explain what each of those lines do?
> 
> Thanks,
> 
> Nestor
> 
> PS
> Great work on the mysql article!!!!
> 
> On 6/4/07, Daevid Vincent <daevid@stripped> wrote:
> >
> > Thanks for the magazine. I already incorporated a little extra SQL
> > injection checking into my db.inc.php wrapper...
> >
> > //[dv] added to remove all comments (which may help with SQL injections as well).
> > $sql = preg_replace("/#.*?[\r\n]/s", '', $sql);
> > $sql = preg_replace("/--.*?[\r\n]/s", '', $sql);
> > $sql = preg_replace("@/\*(.*?)\*/@s", '', $sql);
> >
> > Keep up the great work!
> >
> > d
> >
> > > -----Original Message-----
> > > From: B. Keith Murphy [mailto:bmurphy@stripped]
> > > Sent: Monday, June 04, 2007 9:56 AM
> > > To: MySQL General
> > > Subject: MySQL Magazine - Issue 1 available NOW!!!!
> > >
> > > Everyone,
> > >
> > > I have just uploaded the first issue of MySQL Magazine to
> > > http://paragon-cs.com/mag/issue1.pdf
> > >
> > > Please take a look at it.  There is a great deal of
> > > information here and
> > > I think it is worth some time.
> > >
> > > Feedback is always welcome.
> > >
> > > thanks,
> > >
> > > Keith Murphy
> > >
> > > --
> > > MySQL General Mailing List
> > > For list archives: http://lists.mysql.com/mysql
> > > To unsubscribe:
> > > http://lists.mysql.com/mysql?unsub=1
> > >
> > >
> >
> >
> >
> >
> 
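The two routines described in the message above (stripping the three MySQL comment styles, and refusing a query with a ";" outside quote pairs) can be done in one quote-aware pass, shown here as an added example that is not the poster's db.inc.php code. The function name `scan_sql()` and the sample queries are constructed, and MySQL's default sql_mode is assumed; tracking quote state means a "#", "--" or ";" inside a string literal is left alone and a comment at the very end of the query, with no newline after it, is still removed.

```php
<?php
// Added example, not the poster's db.inc.php; scan_sql() and the samples are
// constructed. Assumes default sql_mode: backslash escapes on, " quotes strings.
// Returns [SQL with comments removed, true if ';' occurs outside quotes].
function scan_sql(string $sql): array
{
    $out = '';
    $semicolon = false;
    $quote = null;                       // open quote character, or null
    $n = strlen($sql);
    for ($i = 0; $i < $n; $i++) {
        $c = $sql[$i];
        $next = $i + 1 < $n ? $sql[$i + 1] : '';
        if ($quote !== null) {           // inside '...', "..." or `...`
            $out .= $c;
            if ($c === '\\' && $quote !== '`' && $next !== '') {
                $out .= $next;           // copy the escaped character as-is
                $i++;
            } elseif ($c === $quote) {
                $quote = null;           // a doubled '' reopens on the next char
            }
        } elseif ($c === "'" || $c === '"' || $c === '`') {
            $quote = $c;
            $out .= $c;
        } elseif ($c === '#' || ($c === '-' && $next === '-'
                && ($i + 2 >= $n || ord($sql[$i + 2]) <= 32))) {
            // "#" or "-- " comment: skip up to, not including, the newline
            $i += strcspn($sql, "\r\n", $i) - 1;
        } elseif ($c === '/' && $next === '*') {
            $end = strpos($sql, '*/', $i + 2);
            $i = $end === false ? $n : $end + 1;   // unterminated: drop the rest
            $out .= ' ';                 // keep neighbouring tokens apart
        } else {
            $semicolon = $semicolon || $c === ';';
            $out .= $c;
        }
    }
    return [$out, $semicolon];
}

// Constructed inputs: '#' and ';' inside literals, then a second statement.
$samples = [
    "SELECT id FROM colors WHERE hex = '#ff0000' AND note = 'a;b' -- audit",
    "SELECT 1 /* first */; SELECT 2",
];
foreach ($samples as $sql) {
    [$clean, $stacked] = scan_sql($sql);
    echo ($stacked ? 'REJECT ' : 'OK     ') . $clean . PHP_EOL;
}
```

A scan like this is a secondary guard in the query wrapper; it does not replace passing user-supplied values as bound parameters.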
