From: "Tanel Tammik" on
Hi,

Is there a vulnerability with using $_SERVER['REMOTE_ADDR'] in SQL queries?

Br
Tanel


From: Peter Lind on
On 23 June 2010 08:53, Tanel Tammik <keevitaja(a)gmail.com> wrote:
> Hi,
>
> is there a vulnerability with using $_SERVER['REMOTE_ADDR'] in sql queries?
>

With any and all input to SQL queries: escape the input. Then you
don't have to ask the question.

Regards
Peter

--
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15
</hype>

From: Simon J Welsh on
There's a vulnerability in using anything from the user in SQL queries. Escape it :)
On 23/06/2010, at 6:53 PM, Tanel Tammik wrote:

> Hi,
>
> is there a vulnerability with using $_SERVER['REMOTE_ADDR'] in sql queries?
>
> Br
> Tanel
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

---
Simon Welsh
Admin of http://simon.geek.nz/

Who said Microsoft never created a bug-free program? The blue screen never, ever crashes!

http://www.thinkgeek.com/brain/gimme.cgi?wid=81d520e5e

From: Adam Richardson on
On Wed, Jun 23, 2010 at 2:53 AM, Tanel Tammik <keevitaja(a)gmail.com> wrote:

> Hi,
>
> is there a vulnerability with using $_SERVER['REMOTE_ADDR'] in sql queries?
>
> Br
> Tanel
>
As long as you treat it with the same caution that you do general form input
(e.g., proper validation, escaping for MySQL or using prepared statements,
etc.), you'll be fine ;)

Adam

--
Nephtali: PHP web framework that functions beautifully
http://nephtaliproject.com
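
Added example, not part of the original thread: the validation plus prepared statement approach described in the reply above, applied to a stand-in for $_SERVER['REMOTE_ADDR']. The `visits` table, the `logVisit` helper and the sample values are assumptions made for illustration; PDO with an in-memory SQLite database is used so the script runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical schema for illustration; in-memory SQLite keeps the script self-contained.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE visits (id INTEGER PRIMARY KEY, ip TEXT NOT NULL, seen_at TEXT NOT NULL)');

/**
 * Validate the address, then insert it through a prepared statement.
 * Returns true if the row was stored, false if the value is not an IP address.
 * (logVisit is a hypothetical helper, not an existing API.)
 */
function logVisit(PDO $pdo, string $remoteAddr): bool
{
    // Validation: accept only well-formed IPv4 or IPv6 literals.
    $ip = filter_var($remoteAddr, FILTER_VALIDATE_IP);
    if ($ip === false) {
        return false;
    }

    // Bound parameters: the value is sent separately from the SQL text,
    // so quotes or comment markers in it can never change the statement.
    $stmt = $pdo->prepare('INSERT INTO visits (ip, seen_at) VALUES (:ip, :seen_at)');
    $stmt->execute([':ip' => $ip, ':seen_at' => gmdate('c')]);
    return true;
}

// Constructed sample values standing in for $_SERVER['REMOTE_ADDR'].
// In a request handler the call would be: logVisit($pdo, $_SERVER['REMOTE_ADDR'] ?? '');
$samples = ['203.0.113.7', '2001:db8::1', "203.0.113.7'; --", ''];
foreach ($samples as $value) {
    $result = logVisit($pdo, $value) ? 'stored' : 'rejected';
    printf("%-22s %s\n", var_export($value, true), $result);
}

// Reads that filter on the address use a bound parameter as well.
$stmt = $pdo->prepare('SELECT COUNT(*) FROM visits WHERE ip = :ip');
$stmt->execute([':ip' => '203.0.113.7']);
echo 'rows for 203.0.113.7: ', $stmt->fetchColumn(), "\n";
```
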

From: Rene Veerman on
Unlikely. It's an Apache-delivered IP address. Very little chance of
insert vulnerabilities, imho.

On Wed, Jun 23, 2010 at 8:53 AM, Tanel Tammik <keevitaja(a)gmail.com> wrote:
> Hi,
>
> is there a vulnerability with using $_SERVER['REMOTE_ADDR'] in sql queries?
>
> Br
> Tanel
>



--
---------------------------------
Greetings from Rene7705,

My free open source webcomponents:
http://code.google.com/u/rene7705/
http://mediabeez.ws/downloads (and demos)

My music (i'm DJ firesnake)
http://mediabeez.ws/music

http://www.facebook.com/rene7705
---------------------------------