List: General Discussion
From: Yves Goergen
Date: June 9 2007 11:34am
Subject: Re: MySQL Magazine - Issue 1 available NOW!!!!
On 04.06.2007 23:44 CE(S)T, Daevid Vincent wrote:
> Thanks for the magazine. I already incorporated a little extra SQL
> injection checking into my db.inc.php wrapper...
>
> //[dv] added to remove all comments (which may help with SQL injections
> as well.
> $sql = preg_replace("/#.*?[\r\n]/s", '', $sql);
> $sql = preg_replace("/--.*?[\r\n]/s", '', $sql);
> $sql = preg_replace("@/\*(.*?)\*/@s", '', $sql);

I'm not aware of the context, but I guess you can imagine that this will corrupt any SQL queries that contain "#" or "--" or "/* ... */" inside a string. So I would highly recommend not using those.

-- 
Yves Goergen "LonelyPixel" <nospam.list@stripped>
Visit my web laboratory at http://beta.unclassified.de
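The corruption Yves describes, shown as an added example that is not part of the original thread: the three regexes from the quoted message are ported from PHP's preg_replace to Python's re and run against a constructed query whose string literal contains "#" and "--". The table, sample query and the parameterized alternative at the end are assumptions of this example (Python's sqlite3 module), illustrating that bound parameters keep data out of the SQL text so there is nothing to strip.

```python
import re
import sqlite3

# The three comment-stripping replacements quoted above, ported from PHP's
# preg_replace to Python's re (same patterns, same "s" / DOTALL flag).
COMMENT_PATTERNS = [
    re.compile(r"#.*?[\r\n]", re.S),
    re.compile(r"--.*?[\r\n]", re.S),
    re.compile(r"/\*(.*?)\*/", re.S),
]

def strip_comments(sql: str) -> str:
    """Apply the quoted regexes in order; they know nothing about quoting."""
    for pattern in COMMENT_PATTERNS:
        sql = pattern.sub("", sql)
    return sql

# Constructed sample: a legitimate multi-line query whose string literal
# happens to contain "#" and "--". Nothing in it is a comment.
SAMPLE_TITLE = "Bug #42 -- still open"
SAMPLE_QUERY = (
    "SELECT id FROM tickets\n"
    "WHERE title = 'Bug #42 -- still open'\n"
    "AND state = 'open'\n"
)

def make_db() -> sqlite3.Connection:
    """Constructed in-memory table with one row that SAMPLE_QUERY should find."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tickets (id INTEGER PRIMARY KEY, title TEXT, state TEXT)")
    conn.execute("INSERT INTO tickets (title, state) VALUES (?, ?)", (SAMPLE_TITLE, "open"))
    return conn

def count_rows(conn, sql, params=()):
    """Row count for a query, or None when SQLite rejects the SQL text."""
    try:
        return len(conn.execute(sql, params).fetchall())
    except sqlite3.OperationalError:
        return None

def demo():
    """Returns (rows from original, rows after stripping, rows with parameters)."""
    conn = make_db()
    original = count_rows(conn, SAMPLE_QUERY)
    # The "#" regex eats from "#42" to the end of that line, splicing the
    # string literal into the next line: the query no longer parses.
    stripped = count_rows(conn, strip_comments(SAMPLE_QUERY))
    # Bound parameters never enter the SQL text, so there is nothing to strip.
    parameterized = count_rows(conn, "SELECT id FROM tickets WHERE title = ? AND state = ?",
                               (SAMPLE_TITLE, "open"))
    return original, stripped, parameterized
```

demo() returns (1, None, 1): the untouched query finds the row, the stripped query is rejected by SQLite, and the parameterized query finds the row without any stripping.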
| Thread | | |
|---|---|---|
| • MySQL Magazine - Issue 1 available NOW!!!! | B. Keith Murphy | 4 Jun |
| • RE: MySQL Magazine - Issue 1 available NOW!!!! | Daevid Vincent | 4 Jun |
| • Re: MySQL Magazine - Issue 1 available NOW!!!! | Néstor | 4 Jun |
| • RE: MySQL Magazine - Issue 1 available NOW!!!! | Daevid Vincent | 5 Jun |
| • Re: MySQL Magazine - Issue 1 available NOW!!!! | Jon Ribbens | 5 Jun |
| • Re: MySQL Magazine - Issue 1 available NOW!!!! | Peter Rosenthal | 7 Jun |
| • Re: MySQL Magazine - Issue 1 available NOW!!!! | Jon Ribbens | 7 Jun |
| • Re: MySQL Magazine - Issue 1 available NOW!!!! | Yves Goergen | 9 Jun |
| • RE: MySQL Magazine - Issue 1 available NOW!!!! | Daevid Vincent | 11 Jun |
| • Re: MySQL Magazine - Issue 1 available NOW!!!! | Gordan Bobic | 11 Jun |
| • Re: MySQL Magazine - Issue 1 available NOW!!!! | Kevin Hunter | 11 Jun |
