NukeCops  
How to avoid SQL injection exploits...
PHP-Nuke: Jeruvy writes "This was posted on bugtraq December 4th. It seems rather basic, but nonetheless important information for PHP authors. I don't agree with using JavaScript to verify errors, since the JavaScript can be (and is!!) vulnerable to not providing adequate checks, and then you must assume it processed correctly, which isn't a good idea.

IMPORTANT INFORMATION FOR ALL DEVELOPERS OF PHP.

I recommend never allowing special characters to be inserted in an input box. Normally only numeric or alphanumeric data is necessary in an input box.

To solve this SQL injection you can use these functions:

ctype_alnum -- Check for alphanumeric character(s)
ctype_alpha -- Check for alphabetic character(s)
ctype_cntrl -- Check for control character(s)
ctype_digit -- Check for numeric character(s)
ctype_graph -- Check for any printable character(s) except space
ctype_lower -- Check for lowercase character(s)
ctype_print -- Check for printable character(s)
ctype_punct -- Check for any printable character which is not whitespace or an alphanumeric character
ctype_space -- Check for whitespace character(s)
ctype_upper -- Check for uppercase character(s)
ctype_xdigit -- Check for character(s) representing a hexadecimal digit

Normally you verify data with JavaScript on the client, but you must verify the data in the file that receives the POST form. In the file that receives the POST data you can use these functions.

ADDITIONAL INFO: http://es2.php.net/manual/en/ref.ctype.php

To use these functions you must uncomment the library in the php.ini file:

;Windows Extensions
extension=php_ctype.dll

Javier Morueco "
Posted on Saturday, December 06 @ 16:18:22 CET by [RETIRED]chatserv
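
The server-side check described in the post, as an added example that is not part of the original post or of PHP-Nuke: the script that receives the POST data validates each field with ctype_digit and ctype_alnum before it reaches a query. The field names (user_id, username), the helper functions, the users table and the sample inputs are constructed for illustration; the example also binds the validated values as query parameters, which goes beyond the post.

```php
<?php
// Added example: server-side allowlist validation of POST fields with ctype_*.
// Field names (user_id, username) and the users table are hypothetical.

/** Return the value as int if it is a short string of digits only, else null. */
function validDigits($value, int $maxLen = 10): ?int
{
    // ctype_* must be given strings: is_string() rejects arrays (user_id[]=1)
    // and integers, which ctype_digit() may interpret as a character code.
    if (!is_string($value) || strlen($value) > $maxLen || !ctype_digit($value)) {
        return null;
    }
    return (int) $value;
}

/** Return the value if it is 1..$maxLen alphanumeric characters, else null. */
function validAlnum($value, int $maxLen = 32): ?string
{
    if (!is_string($value) || strlen($value) > $maxLen || !ctype_alnum($value)) {
        return null; // ctype_alnum('') is false, so empty input is rejected too
    }
    return $value;
}

// Constructed sample input standing in for $_POST.
$samples = [
    ['user_id' => '42',        'username' => 'alice01'],
    ['user_id' => '42 OR 1=1', 'username' => 'alice01'],
    ['user_id' => '7',         'username' => "x' OR 'a'='a"],
    ['user_id' => ['7'],       'username' => ''],
];

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users VALUES (42, 'alice01')");
// Validation is one layer; the query still binds values instead of concatenating them.
$stmt = $pdo->prepare('SELECT name FROM users WHERE id = ? AND name = ?');

foreach ($samples as $post) {
    $id   = validDigits($post['user_id'] ?? null);
    $name = validAlnum($post['username'] ?? null);
    if ($id === null || $name === null) {
        echo "rejected\n";
        continue;
    }
    $stmt->execute([$id, $name]);
    echo 'accepted, rows: ', count($stmt->fetchAll()), "\n";
}
```

The script needs the ctype and pdo_sqlite extensions; only the first sample passes both checks and reaches the query.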