asmith Posted November 27, 2007 Share Posted November 27, 2007 if i set a text input, which a user can type anything to it, can it be so unsafe ? Link to comment https://forums.phpfreaks.com/topic/79047-leave-a-test-input-without-limit/ Share on other sites More sharing options...
BenInBlack Posted November 27, 2007 Share Posted November 27, 2007 yes, if the input goes into a database field, and you are not using prepared statements and value checking, there is potential for sql injections. also if you have Register Globals on, they could inject code to change your site. Note: I now see in the PHP doc that: This feature (Register Globals) is DEPRECATED and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged. Link to comment https://forums.phpfreaks.com/topic/79047-leave-a-test-input-without-limit/#findComment-400057 Share on other sites More sharing options...
asmith Posted November 27, 2007 Author Share Posted November 27, 2007 yea, i see the point . i was wondering about some input texts which could record " php and mysql" statements ,coding, anything into my database, but if i leave that i guess this "codes' can work backward and against me ! Link to comment https://forums.phpfreaks.com/topic/79047-leave-a-test-input-without-limit/#findComment-400058 Share on other sites More sharing options...
asmith Posted November 30, 2007 Author Share Posted November 30, 2007 what about comment textboxes ? don't we let the user type anything he want there ? Link to comment https://forums.phpfreaks.com/topic/79047-leave-a-test-input-without-limit/#findComment-403022 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.