Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Date: Wed, 14 May 2003 14:57:28 +0200
From: Benjamin Schulz <[email protected]>
To: [email protected]
Subject: Re[2]: Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)

Hi Rynho,

> if(!isset($cid) || $cid == NULL || $cid == "" || !is_numeric ($cid))
> {
>     echo "I don't like you >:|";
>     exit();
> }

you know that $cid == NULL equals $cid == ""? (int)0, too btw.
either check $cid == '' (what is 0 & NULL, too)
or $cid === NULL || $cid === '',
or empty($cid)

Mit freundlichen Gruessen / Kind regards
-- 
Benjamin Schulz

There are 10 types of people: those who understand binary and
those who don't.

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Партнёры:

Хостинг: