andrisp, September 16, 2008:
Read up on what SQL injection is, and it will be clear right away. http://www.google.com/search?hl=en&q=sql+injection
waplet, September 16, 2008:
Well, that I understand, but what is the reason that an SQL injection can be written there at all?
andrisp, September 16, 2008:
The fact that the data is not escaped.
waplet, September 16, 2008:
So mysql_real_escape_string() is needed?
andrisp, September 16, 2008:
Yes, or, as in this particular case, we check whether the value is an integer. If it is not, we do not let the query run at all. If it is, we put it straight into the query without escaping.
waplet, September 16, 2008:
is_numeric()?
andrisp, September 16, 2008:
is_numeric() will also let fractions through:

Finds whether the given variable is numeric. Numeric strings consist of optional sign, any number of digits, optional decimal part and optional exponential part. Thus +0123.45e6 is a valid numeric value. Hexadecimal notation (0xFF) is allowed too but only without sign, decimal and exponential part.

But in general I usually limit myself to is_numeric() plus casting the value with (int) (forcing it) into an int-typed variable.

if (is_numeric($id)) { $id = (int) $id; }

Of course, that is not a perfect check.
waplet, September 16, 2008:
Thanks, at least there is one person who explained everything to me!
xPtv45z, September 16, 2008:
is_numeric+(int) == intval() ?
andrisp, September 16, 2008:
Not quite the same thing. http://lv2.php.net/intval: The integer value of var on success, or 0 on failure. Empty arrays and objects return 0, non-empty arrays and objects return 1.
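The following is an added example, not code posted by anyone in this thread. It puts the three approaches discussed above side by side on constructed inputs: is_numeric() followed by an (int) cast, intval() alone, and a strict integer check built on filter_var() with FILTER_VALIDATE_INT, which rejects the fractions, exponents and hex notation that is_numeric() accepts. It then shows the validated id being bound into a prepared statement, so the query never relies on escaping. The function names validate_id(), show_checks() and fetch_row(), the table name items and the DSN are assumptions for the example.

```php
<?php
// Added example for the thread above; not the forum's or PHP's own code.
// Names validate_id(), show_checks(), fetch_row() and the table "items" are assumed.
declare(strict_types=1);

// Strict check: accept only a positive decimal integer string. FILTER_VALIDATE_INT
// rejects "1.5", "+0123.45e6", "0xFF" and "1 OR 1=1"; min_range keeps ids >= 1.
function validate_id(string $raw): ?int
{
    $id = filter_var(trim($raw), FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Run the loose checks from the thread and the strict one on each constructed input.
function show_checks(array $inputs): array
{
    $rows = [];
    foreach ($inputs as $raw) {
        $rows[] = [
            'input'      => $raw,
            'is_numeric' => is_numeric($raw),           // true for fractions/exponents too
            'cast'       => is_numeric($raw) ? (int) $raw : null, // the thread's is_numeric + (int)
            'intval'     => intval($raw),               // 0 on failure, never "refuses"
            'strict'     => validate_id($raw),          // null means: do not run the query
        ];
    }
    return $rows;
}

// Constructed sample inputs, including the kind of value an attacker would send.
$samples = ['42', '+0123.45e6', '1.5', '0xFF', '1 OR 1=1', '', 'abc'];
foreach (show_checks($samples) as $r) {
    printf("%-14s is_numeric=%-5s cast=%-6s intval=%-4d strict=%s\n",
        var_export($r['input'], true),
        var_export($r['is_numeric'], true),
        var_export($r['cast'], true),
        $r['intval'],
        var_export($r['strict'], true));
}

// Using the validated value: refuse to run the query on bad input, as andrisp
// recommends, and bind the integer as a parameter rather than interpolating it.
function fetch_row(PDO $db, string $raw): ?array
{
    $id = validate_id($raw);
    if ($id === null) {
        return null; // invalid id: the query is never executed
    }
    $stmt = $db->prepare('SELECT id, name FROM items WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Example call (assumed DSN placeholder; replace with a real connection):
// $db = new PDO('mysql:host=localhost;dbname=example', 'user', 'pass');
// var_dump(fetch_row($db, $_GET['id'] ?? ''));
```

Note that intval() and the (int) cast quietly turn "1 OR 1=1" into 1, so on their own they never tell the caller that the input was bad; the is_numeric() guard is what refuses the query, and the strict filter_var() check refuses the fractional, exponent and hex forms that is_numeric() lets through. The exact integer the cast produces for an exponent string such as "+0123.45e6" depends on the PHP version, which is one more reason to prefer the strict check.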