On Tue, 31 May 2005, Kae Verens wrote:
> I'd like to argue that the semi-colon is completely redundant in
> PHP' SQL calls. The semi-colon is used to delimit statements, and
> so is only really needed when you are going to use another
> statement in the same SQL call. But - using multiple statements in
> single calls is an invitation for injection attacks.
Exactly how does not using semi-colons in ones own code protect one
from semi-colons injected in user input / reduce in any way need to
fully validate input?
> Kae
regards,
--
Paul Jakma paul at clubi.iepaul at jakma.org Key ID: 64A2FF6A
Fortune:
BASIC is to computer programming as QWERTY is to typing.
-- Seymour Papert
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
