Jump to content

Search the Community

Showing results for tags 'injection'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Welcome to PHP Freaks
    • Announcements
    • Introductions
  • PHP Coding
    • PHP Coding Help
    • Regex Help
    • Third Party Scripts
    • FAQ/Code Snippet Repository
  • SQL / Database
    • MySQL Help
    • PostgreSQL
    • Microsoft SQL - MSSQL
    • Other RDBMS and SQL dialects
  • Client Side
    • HTML Help
    • CSS Help
    • Javascript Help
    • Other
  • Applications and Frameworks
    • Applications
    • Frameworks
    • Other Libraries
  • Web Server Administration
    • PHP Installation and Configuration
    • Linux
    • Apache HTTP Server
    • Microsoft IIS
    • Other Web Server Software
  • Other
    • Application Design
    • Other Programming Languages
    • Editor Help (PhpStorm, VS Code, etc)
    • Website Critique
    • Beta Test Your Stuff!
  • Freelance, Contracts, Employment, etc.
    • Services Offered
    • Job Offerings
  • General Discussion
    • PHPFreaks.com Website Feedback
    • Miscellaneous

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL








Donation Link

Found 4 results

  1. Hey guys, i have created a php file which takes two parameters: a subdirectory path a file extension it then echos the complete path pf (glob()) all the files with that extension in the searching folder. I wanted to know the security issues involved with this and how i might use escape methods to make sure someone can't move up the directory listing and get other filename. Are there any other concerns i should have? No data is coming or going to a database however there are other php files on the server which communicate with mySQL. Thanks alot!
  2. Does this code have mySQL Injection vulnerability? $query = "DELETE FROM `$table` WHERE `$column` IN('".implode("','",$array)."')"; using php5, would this make the code more safe... foreach($array as $key=>$a){ $array[$key] = mysql_real_escape_string($a);} $query = "DELETE FROM `$table` WHERE `$column` IN('".implode("','",$array)."')"; or is there another way to make the code safe?
  3. (I'm putting this in PHP since it's not a question specific to MySQL or other DB stuff.) I have a page that uses the GET id to find a product. GET variables are sanitized, and the SQL string is escaped even though it's expecting a number only. So the code seems safe to me. I'm getting some error_log results that appear to be hack attempts: SELECT p.*, t.id as blah FROM some_table p left outer join some_other_table t on p.id = t.product_id WHERE p.id = 139\' and benchmark(20000000,sha1(1))-- Should I be worried about something like this? Anything more (or less) that I should be doing?
  4. I'm currently working on a WordPress website project and I am hoping someone can help me out on this. In the registration page, the data entered is stored into the WordPress database. I've also build a connection to store those data into an external database as well. So basically, If a visitor registers on the site, their data info is stored in the WP and external DB. My question is since the external DB relies on checking to see if the submit button has been pressed, do those data input values need to be escaped to prevent sql injection into the external DB since the data submitted to WordPress has already been sql escaped? Thanks for helping.
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.