[Wolves] PHP Sql select losing a row

Robert Graffham robert.graffham at googlemail.com
Tue Jul 16 11:08:51 UTC 2013


On 16 Jul 2013 01:06, "Wayne Morris" <waynelists at machx.co.uk> wrote:
> users have absolutely no opportunity to enter write ANY data to the
> database (apart from in a remarks column which IS escaped) - all other
> interaction with the database is by radio buttons, timestamps being entered
> into fields automatically etc.

While you'll maybe be safe simply because you don't have enough users (but
remember, it only takes one attack from one malicious user, no matter how
few you have total or how soon their access is revoked), I wouldn't be so
sure. The HTML output suggests this is done via forms on a page, and check
boxes/dropdowns/etc. are submitted as their value. This means if someone
edits the page, or simply sends a false request, the values you receive may
*not* be expected values.

Basically: never trust *anything* sent via an HTML form unless you've
checked it and/or sanitized it already.
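The point above, shown as an added illustration (this code is not part of either message on the thread): a radio button or dropdown only constrains what a well-behaved browser sends, so the server has to allow-list the choice itself and keep every value out of the SQL string. The table `records`, its columns `status`, `remarks` and `updated_at`, the PDO connection `$pdo`, and the MySQL `NOW()` for the automatic timestamp are all assumptions for the example.

```php
<?php
// Added example, not from the mailing-list thread. Assumes a MySQL table
// `records` (id, status, remarks, updated_at) reachable through a PDO
// connection; both are hypothetical.

// The only statuses the form offers. The browser shows these as radio
// buttons; the server re-checks them because the request can be forged.
const ALLOWED_STATUS = ['open', 'pending', 'closed'];

// Returns the submitted value only if it is one the form could legitimately
// produce; anything else (wrong type, edited page, hand-built POST) -> null.
function validateChoice(array $input, string $field, array $allowed): ?string
{
    if (!isset($input[$field]) || !is_string($input[$field])) {
        return null;
    }
    return in_array($input[$field], $allowed, true) ? $input[$field] : null;
}

// The pattern the thread warns about: the value is interpolated because
// "it can only come from a radio button". A tampered request decides what
// ends up in the statement.
function updateStatusUnsafe(PDO $pdo, int $id, array $post): void
{
    $status = $post['status'];
    $pdo->exec("UPDATE records SET status = '$status' WHERE id = $id");
}

// Hardened form: allow-list the choice, bound the free-text remarks, and let
// a prepared statement carry every value, so escaping is never hand-rolled.
function updateStatusSafe(PDO $pdo, int $id, array $post): bool
{
    $status = validateChoice($post, 'status', ALLOWED_STATUS);
    if ($status === null) {
        return false; // reject the request; log it if you keep an audit trail
    }
    $remarks = (isset($post['remarks']) && is_string($post['remarks']))
        ? substr($post['remarks'], 0, 500)
        : '';
    $stmt = $pdo->prepare(
        'UPDATE records SET status = :status, remarks = :remarks, updated_at = NOW() '
        . 'WHERE id = :id'
    );
    return $stmt->execute([
        ':status'  => $status,
        ':remarks' => $remarks,
        ':id'      => $id,
    ]);
}

// Constructed inputs, no database needed: what the form sends versus what a
// tampered request might send.
$fromForm   = ['status' => 'open'];
$notOffered = ['status' => 'archived'];   // value the form never shows
$wrongType  = ['status' => ['open']];     // status[]=open instead of status=open

var_dump(validateChoice($fromForm,   'status', ALLOWED_STATUS)); // string "open"
var_dump(validateChoice($notOffered, 'status', ALLOWED_STATUS)); // NULL
var_dump(validateChoice($wrongType,  'status', ALLOWED_STATUS)); // NULL
```

The strict `in_array(..., true)` comparison matters: with the default loose comparison, values such as `0` or `true` can match strings they should not, which is exactly the kind of "not the expected value" the reply describes. Wire `updateStatusSafe()` to `$_POST` in the real handler and treat a `false` return as a rejected request, not a silent no-op.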