sigmasternchen/php-doc-en
1
0
Fork 0
mirror of https://github.com/sigmasternchen/php-doc-en synced 2025-03-15 16:38:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

bug #54041 - http post vars are set before processing. changed order to make example give shown output

Browse source 
git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@308511 c90b9560-bf6c-de11-be94-00142212c4b1
This commit is contained in:
David Tajchreber 2011-02-20 22:41:18 +00:00
parent d9b0caea3f
commit f97cf90f64
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
reference/mysql/functions/mysql-real-escape-string.xml
View file

@ -83,14 +83,14 @@ $query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
<programlisting role="php">
<![CDATA[
<?php
// Query database to check if there are any matching users
$query = "SELECT * FROM users WHERE user='{$_POST['username']}' AND password='{$_POST['password']}'";
mysql_query($query);
// We didn't check $_POST['password'], it could be anything the user wanted! For example:
$_POST['username'] = 'aidan';
$_POST['password'] = "' OR ''='";
// Query database to check if there are any matching users
$query = "SELECT * FROM users WHERE user='{$_POST['username']}' AND password='{$_POST['password']}'";
mysql_query($query);
// This means the query sent to MySQL would be:
echo $query;
?>