1
wishcraft
SQL Attacks, Ingestions & Easy Coding Solutions

The thing I have noticed about programmers of PHP is how little this gramatical clause is not used in PHP, you know how you have to check things are an INT or a String and so with SQL Questions & the code of php.

Take this coding example, where we need an int.

$sql "SELECT * FROM _prefix_users WHERE uid = ".$xoopsUser->uid()

// This has a better clause to force the interger type

$sql "SELECT * FROM _prefix_users WHERE uid = ".(int)$xoopsUser->uid()


This process for example of putting (int), (float), (string) & so on allows for the variable to be force to that type.. you put this between a variable and it's co-signing.
Resized Image
http://www.ohloh.net/accounts/226400

Follow, Like & Read:-

twitter.com/RegaltyFamily
github.com/Chronolabs-Cooperative
facebook.com/DrAntonyRoberts

2
ghia
Re: SQL Attacks, Ingestions & Easy Coding Solutions
  • 2009/2/3 22:35

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


I don't think it is a good idea to put these kind of typecasts in front of everything. Incorrect use may lead to some unexpected results.

Variables should be controlled on the source and that is in general the form where they are filled in. So it is when the get and post variables are imported, that the validation has to be done by php. For integers this is best done by the intval function and the program can then generate error messages or supply a default value if needed.

I find the example above useless, because $xoopsUser->uid is already defined as an integer.
Furthermore you should even not try to do a SQL request when there is no valid argument data available.

3
Marco
Re: SQL Attacks, Ingestions & Easy Coding Solutions
  • 2009/2/6 6:56

  • Marco

  • Home away from home

  • Posts: 1256

  • Since: 2004/3/15


use correctly the XOOPS API (especially the handlers) and your variables will be correctly sanatized.
Do synergy or die.

Login

Who's Online

124 user(s) are online (65 user(s) are browsing Support Forums)


Members: 0


Guests: 124


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Dec 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits