[ic] turn off error logging for specific MySQL query (Form Security)
> > [tag flag write]mb_boxlist[/tag]
> > [query table="mb_boxlist" sql=|
> > INSERT mb_boxlist
> > SET username = '[data session username]',
> > boxname = '[cgi n_name]',
> > password = '[cgi n_pass]',
> > description = '[cgi n_desc]'
> > |][/query]
> > --------------------------------------------------------
>
> If that is on your end-user side make sure you use a
> filter to sanitize
> that data before using it to build a query.
>
> Jeff
Thanks Jeff
I am glad you brought this up because I have been wanting to audit my
site for some time. Does this seem satisfactory (in example)?
[cgi name=n_name filter="textarea_put entities"]
I also set my inputs to the bare minimum maxlength. The ones in the
above are all < 20.
Thanks in advance
Paul
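
An added illustration for the thread above (not part of either post, and not Interchange code): it contrasts building the INSERT by string interpolation after an HTML-entity filter with binding the values as parameters and checking length on the server. Assumptions: Python's `sqlite3` stands in for MySQL, `html.escape(..., quote=False)` stands in for an entity filter that leaves apostrophes untouched, and all function names and the sample form are constructed for this example.

```python
import html
import sqlite3

MAX_LEN = 20  # the post says every field is under 20 characters
FIELDS = ("n_name", "n_pass", "n_desc")
# Constructed sample form: an ordinary box name that contains an apostrophe.
SAMPLE_FORM = {"n_name": "Paul's box", "n_pass": "pw1", "n_desc": "my first box"}

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mb_boxlist (username TEXT, boxname TEXT,"
               " password TEXT, description TEXT)")
    return db

def insert_interpolated(db, username, form):
    """Posted pattern: entity-filter the input, then paste it into the SQL text."""
    f = {k: html.escape(form[k], quote=False) for k in FIELDS}  # escapes & < > only
    db.execute("INSERT INTO mb_boxlist VALUES ('%s', '%s', '%s', '%s')"
               % (username, f["n_name"], f["n_pass"], f["n_desc"]))

def insert_bound(db, username, form):
    """Hardened form: enforce length server-side, pass values as bound parameters."""
    for key in FIELDS:
        if len(form[key]) > MAX_LEN:  # HTML maxlength is only a browser hint
            raise ValueError("%s longer than %d characters" % (key, MAX_LEN))
    db.execute("INSERT INTO mb_boxlist VALUES (?, ?, ?, ?)",
               (username, form["n_name"], form["n_pass"], form["n_desc"]))

def attempt(insert_fn, form, username="paul"):
    """Run one insert against a fresh table; return (outcome, stored box names)."""
    db = make_db()
    try:
        insert_fn(db, username, form)
        outcome = "ok"
    except (sqlite3.Error, ValueError) as exc:
        outcome = type(exc).__name__
    rows = [r[0] for r in db.execute("SELECT boxname FROM mb_boxlist")]
    return outcome, rows

if __name__ == "__main__":
    print("interpolated:", attempt(insert_interpolated, SAMPLE_FORM))
    print("bound:       ", attempt(insert_bound, SAMPLE_FORM))
    too_long = dict(SAMPLE_FORM, n_desc="x" * (MAX_LEN + 1))
    print("bound, long: ", attempt(insert_bound, too_long))
```

The interpolated statement fails on the apostrophe because the value is parsed as SQL, while the bound version stores the same text verbatim; entity encoding belongs at the point where the value is written into HTML.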