Wait, why are the database queries not escaped?


	Wait, why are the database queries not escaped?

techiegirl13

2-16-2007 10:08 AM

211 views

tags:

php, web development, rants

Add a Comment

Login to Comment. Not a member yet? Sign up

View the Top Clips from February 16, 2007

Embed This Clip In Your Site...

<div style="margin: 12px 0px; font-family: arial; color: #333333; background: #ffffff; border: solid 4px #e5e5e5; width: 100%; clear: left;"><div class="CM_CTB_Content_Wrap" style="margin: 0px; padding: 0px;background-color: #ffffff;"><div style="border-bottom: solid 1px #dcdcdc; white-space: nowrap; margin-bottom: 8px; background-color: #eeeeee ;background-image: url(http://clipmarks.com/images/source-bg.gif); background-repeat: repeat-x; height: 24px; line-height: 24px; vertical-align: middle; padding-bottom: 4px; color: #666666; font-size: 10px;" ><a href="http://clipmarks.com/clip-to-blog/" title="see clips that are hot right now"><img src="http://content.clipmarks.com/blog_embed/1ef71cb9-a588-46d3-8bf8-c7d624267ba9/CAAADB58-CFCF-4FA9-8A8A-9B270111EE37/" alt="" width="19" height="19" border="0" style="vertical-align: middle; margin: 0px 4px; display: inline; border: none; float:none;" /></a>clipped from <a title="http://tnx.nl/archive/http:::www.webcreator.com:php:community:php-love-and-hate.html" href="http://tnx.nl/archive/http:::www.webcreator.com:php:community:php-love-and-hate.html" style="font-size: 11px;">tnx.nl</a></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://tnx.nl/archive/http:::www.webcreator.com:php:community:php-love-and-hate.html"><H1>
PHP: A love and hate relationship</H1></blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://tnx.nl/archive/http:::www.webcreator.com:php:community:php-love-and-hate.html"><P>
Take a look at <A href="http://web.archive.org/web/20050215015640/http://www.zend.com/zend/tut/tutorial-delin4.php">this article</A> published at Zend. It teaches people how to create an <I>authentication system</I> with <I>privilege levels</I>. But! Wait a minute! It uses cookies to store the privilege level! And, it requires register_globals to be set to on. And, it doesn’t escape parameters before using them to construct database queries. And, the the author feels he’s done nothing wrong (he has posted a comment to the article). And, the people in charge at Zend know about this and they haven’t pulled the article off. Oh, I am so sad.
</P></blockquote></div><div style="margin: 0px 6px 6px 4px;"><table style="font-size: 11px;border-spacing: 0px;padding: 0px;" cellpadding="0" cellspacing="0" width="100%"><tr><td style="background:transparent;border-width:0px;padding:0px;">&nbsp;</td><td align="right" style="background:transparent;border-width:0px;padding:0px;width:107px" width="107"><a href="http://clipmarks.com/share/CAAADB58-CFCF-4FA9-8A8A-9B270111EE37/blog/" title="blog or email this clip"><img src="http://content8.clipmarks.com/images/c2b-foot.png" border="0" alt="blog it" width="107" height="17" style="border-width:0px;padding:0px;margin:0px;" /></a></td></tr></table></div></div>

Clipmarks: Home; New Clips; Top Clips; Dashboard

Popular Topics: News; Life; Science; Technology; Entertainment

Get Started: Sign Up; Install Clipping Tool; How Clipping Works; Clip-to-Blog™; ClipSearch

Tools and Resources: FAQ; ClipWeek; Top Clippers; Top Tags; Site Map

About Clipmarks: About Us; Contact; Blog; Copyright; Privacy; EULA

Search Options

Related Clips

More clips from techiegirl13

Today's Top Clips