asmith, posted November 27, 2007:
If I set a text input, which a user can type anything into, can it be so unsafe?
BenInBlack, posted November 27, 2007:
Yes, if the input goes into a database field, and you are not using prepared statements and value checking, there is potential for SQL injections. Also, if you have Register Globals on, they could inject code to change your site. Note: I now see in the PHP doc that: "This feature (Register Globals) is DEPRECATED and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged."
asmith, posted November 27, 2007:
Yeah, I see the point. I was wondering about some input texts which could record "PHP and MySQL" statements, coding, anything into my database, but if I leave that, I guess these "codes" can work backward and against me!
asmith, posted November 30, 2007:
What about comment textboxes? Don't we let the user type anything he wants there?
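Added example, not written by anyone in the thread: a comment box that accepts free text, using the prepared statements and value checking mentioned in the reply above, so that quotes and SQL keywords typed by a user are stored as plain data. It assumes PDO with an in-memory SQLite database standing in for MySQL; the table, the function names, the length limits and the sample inputs are all constructed for illustration.

```php
<?php
// In-memory SQLite stands in for MySQL (assumption); the PDO calls are the same.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT NOT NULL, body TEXT NOT NULL)');

// Value checking: the author name has a strict format, the body is free text
// with only a size limit. The limits are hypothetical.
function validate_comment($author, $body) {
    $errors = [];
    if (!is_string($author) || !preg_match('/^[A-Za-z0-9_]{3,20}$/', $author)) {
        $errors[] = 'author must be 3-20 letters, digits or underscores';
    }
    if (!is_string($body) || trim($body) === '' || strlen($body) > 2000) {
        $errors[] = 'body must be 1-2000 bytes';
    }
    return $errors;
}

// Prepared statement: the SQL text is fixed, user input is bound as values
// and is never concatenated into the query string.
function save_comment(PDO $db, $author, $body) {
    $errors = validate_comment($author, $body);
    if ($errors) {
        return $errors;
    }
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return [];
}

// Constructed sample submissions.
$samples = [
    ['visitor1', "It's fine to mention SELECT * FROM users in a comment"],
    ['visitor2', "x'); DROP TABLE comments; --"],
    ["bob' OR '1'='1", 'hello'],
];
foreach ($samples as [$author, $body]) {
    $errors = save_comment($db, $author, $body);
    echo $errors ? 'rejected: ' . implode('; ', $errors) . "\n" : "stored\n";
}

// The table still exists and holds the text exactly as it was typed.
foreach ($db->query('SELECT author, body FROM comments') as $row) {
    echo $row['author'], ': ', $row['body'], "\n";
}
```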