IespiedTehnologijas, posted January 1, 2005

As far as I know, if you don't put something in the code so that tags meant for the DB can't be used in the input fields, then when somebody types `drop database` into a field the database gets deleted. How do you avoid that?!
hmnc, posted January 3, 2005

> As far as I know, if you don't put something in the code so that tags meant for the DB can't be used in the input fields, then when somebody types `drop database` into a field the database gets deleted. How do you avoid that?!

mysql_escape_string($string);
Roze, posted January 4, 2005

Another good option is to separate the users as well: for the web / frontend / the site itself, create a user with only SELECT, INSERT, UPDATE and, if you need it, DELETE privileges, and use the privileged user (with DROP, GRANT, etc.) only for your own needs or in the administration tool.
Klez, posted January 4, 2005

I don't know... I do it like this:

....
$all = mysql_query("SELECT * FROM tabula WHERE id = '".$_GET['id']."'");
....
// delete
mysql_query("DELETE FROM tabula WHERE id = '".$_GET['id']."'");
......

Well, if you pass `drop database` as the value of $_GET['id'], nothing happens; you just get an error. In general it's silly to pass a whole query through a variable... at least I don't see how that injection can be done... or maybe I'm misunderstanding...
bubu, posted January 4, 2005

Very simple: you can try passing your id the value `' or true --`. Then the second, DELETE query will delete all the records :)
des, posted January 4, 2005

Well, you need to do either

$id = (int)$id;
// exec the sqlz...

or

if (is_int($id)) {
    // exec the sqlz...
}

That is, you need to check carefully that what we receive via post/get/cookies really is what we should be receiving :) For more detail see: http://www.php.net/manual/en/security.data...l-injection.php
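The following example is added here and is not code from any of the posters: it rebuilds Klez's concatenated DELETE against a constructed in-memory SQLite table, feeds it the kind of value bubu describes (written as `' or 1=1 -- `, which parses in SQLite the same way `' or true --` does in MySQL), and puts des's integer cast and a parameterized query next to it so the difference in outcome is visible. The table name `tabula` is taken from the thread; the rows are made up.

```python
import sqlite3

def make_db():
    # Constructed sample table standing in for the thread's "tabula" (test data, not real).
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE tabula (id INTEGER PRIMARY KEY, name TEXT)")
    con.executemany("INSERT INTO tabula VALUES (?, ?)",
                    [(1, "alpha"), (2, "beta"), (3, "gamma")])
    con.commit()
    return con

def delete_concatenated(con, raw_id):
    # Klez's pattern: the request value is glued into the SQL text, so the
    # value can close the quote and append its own conditions.
    sql = "DELETE FROM tabula WHERE id = '" + raw_id + "'"
    con.execute(sql)
    con.commit()
    return sql  # returned so the caller can see the statement that actually ran

def delete_parameterized(con, raw_id):
    # The driver sends the value separately from the statement text; whatever
    # the string contains, it is only compared against id, never parsed as SQL.
    con.execute("DELETE FROM tabula WHERE id = ?", (raw_id,))
    con.commit()

def delete_validated(con, raw_id):
    # des's suggestion: coerce the input to the type the column expects before
    # it touches SQL. Anything that is not an integer is rejected outright.
    try:
        clean_id = int(raw_id)
    except (TypeError, ValueError):
        raise ValueError("id must be an integer")
    con.execute("DELETE FROM tabula WHERE id = ?", (clean_id,))
    con.commit()
    return clean_id

def row_count(con):
    return con.execute("SELECT COUNT(*) FROM tabula").fetchone()[0]

if __name__ == "__main__":
    con = make_db()
    print(delete_concatenated(con, "' or 1=1 -- "), "->", row_count(con), "rows left")
    con = make_db()
    delete_parameterized(con, "' or 1=1 -- ")
    print("parameterized ->", row_count(con), "rows left")
```

With the concatenated form the whole table is emptied; the parameterized and validated forms leave all three rows in place, and the validated form refuses the value before any SQL runs.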