[linux-programlama] Re: PHP SQL Injection Kontrol

---------

New Message Reply About this list Date view Thread view Subject view Author view Attachment view

From: Sancar Saran (saran@sim.com.tr)
Date: Sun 22 Jun 2003 - 15:25:12 EEST

  • Next message: Burak DAYIOGLU: "[linux-programlama] Re: PHP SQL Injection Kontrol"

    Enver ALTIN wrote:
    > On Sat, 2003-06-21 at 13:59, Sancar Saran wrote:
    >
    >>Selamlar,
    >
    >
    > Selam,
    >
    >
    >>Yazdigim php scriptleri icinde kullandigim SQL cumlelerini enjeksiyondan
    >>korumak icin yapilabilecekler konusunda bilgi ariyorum,
    >
    >
    > Parametrik query kullanabilirsiniz:
    >
    > somedb_query($dbh, "select * from a_table where a_column=?,b_column=?", array($_GET["a"], $_GET["b"]));
    >
    > -HTH
    Selamlar,

    Kurdugum yapi onermis oldugunuz yolu kullanicak sekilde tasarlanmadi.
    Sanirim bir sekilde preg_replace ve veya en kotusu eregi yaptirmam
    gerekecek.

    Aradaigim yaklasik olarak

    $sqlRequest = "SELECT * from table
                     WHERE a = '{array[a]}'
                       AND b = '{array[b]}'";

    $status = safe_sql($sqlRequest);

    if($status === safe)
    {
       do_sql($sqlRequest);
    }

    veya

    $var1 = safe_sql($array[a]);
    $var2 = safe_sql($array[b]);

    $sqlRequest = "SELECT * from table
                     WHERE a = '$var1'
                       AND b = '$var2'";

    do_sql($sqlRequest);

    Bu yonde herhangibir oneriniz varmi ?

  • Next message: Burak DAYIOGLU: "[linux-programlama] Re: PHP SQL Injection Kontrol"
    New Message Reply About this list Date view Thread view Subject view Author view Attachment view

    ---------

    Bu arsiv hypermail 2.1.6 tarafindan uretilmistir.