Re: Limit on number of queries from CGI or PHP (security)

From Alfred Perlstein
Subject Re: Limit on number of queries from CGI or PHP (security)
Date
Msg-id 20001017012804.S272@fw.wintelcom.net
In response to Limit on number of queries from CGI or PHP (security)  (Rikul Patel <rikul7@yahoo.com>)
List pgsql-general
* Rikul Patel <rikul7@yahoo.com> [001017 01:07] wrote:
> Hi,
>
> Is there any way I can restrict number of queries to
> only one? Here's the problem:
>
> If PHP script gets some data as input from user, and
> PHP scripts tries to put this data into Postgresql,
> what's keeping the user to modify the data in way to
> have postgresql execute two queries.
>
> So instead of some PHP script generating query like
> "select * from table where text='some text' or id=1",
> some malicious user could make it generate "select *
> from table where text='some text' or id=1;delete from
> table"

see php's addslashes() function.

--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."
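
The query from the question, as an added example that is not part of the original message: it builds the statement by concatenation, with addslashes(), and with a validated integer plus pg_query_params(), which accepts only one statement per call. The table name `items`, its columns and the helper function names are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Table "items" and all function
// names below are assumed for illustration.

// Concatenation as described in the question: input becomes part of the SQL text.
function build_concat(string $text, string $id): string {
    return "select * from items where text='" . $text . "' or id=" . $id;
}

// Same query with addslashes() on both values. addslashes() escapes only
// quotes, backslashes and NUL bytes, so it protects the quoted text value
// but leaves an unquoted numeric value unchanged.
function build_addslashes(string $text, string $id): string {
    return "select * from items where text='" . addslashes($text)
         . "' or id=" . addslashes($id);
}

// Validate the numeric value before use: anything that is not an integer is rejected.
function parse_id(string $id): int {
    $value = filter_var($id, FILTER_VALIDATE_INT);
    if ($value === false) {
        throw new InvalidArgumentException("id must be an integer");
    }
    return $value;
}

// Parameterized form: values are sent separately from the SQL text, and
// pg_query_params() allows at most one SQL command in the string.
// $conn is a connection from pg_connect(); not called in the offline demo below.
function fetch_items($conn, string $text, string $id) {
    return pg_query_params(
        $conn,
        'select * from items where text = $1 or id = $2',
        [$text, parse_id($id)]
    );
}

// Constructed sample input, modelled on the query quoted in the message.
$text = "some text";
$id   = "1;delete from items";

// Print both concatenated forms to compare what would reach the server.
echo build_concat($text, $id), "\n";
echo build_addslashes($text, $id), "\n";
try {
    parse_id($id);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```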
