First of all, if a value is numeric, there won't be any char ...

police  >  All threads  >  First of all, if a value is numeric,...
Subject:First of all, if a value is numeric,...
Summary:Package rating comment
Messages:4
Author:Sven Dunemann
Date:2011-08-04 19:01:17
Update:2011-10-03 08:28:40
 

Sven Dunemann rated this package as follows:

Utility: Bad
Consistency: Sufficient
Examples: Sufficient

  1. First of all, if a value is numeric,...
Sven Dunemann - 2011-08-04 19:01:17
First of all, if a value is numeric, there won't be any char like <, > or " because with these chars the value is a string.

Also it is easy to manipulate SESSIONs, so here we can INJECT the database because there is no escape of $username = $_SESSION['user'] which can be faked.

Sorry, but this class is very bad and not useful.
Try next time when you know how to handle injections ;)

  2. Re: First of all, if a value is numeric,...
omid zarifi - 2011-09-01 11:29:01 - In reply to message 1 from Sven Dunemann
$username is just for example.
You do not use this variant ($username).
I will fix these problems in the next version of this class.
Thank you.

  3. Re: First of all, if a value is numeric,...
omid zarifi - 2011-09-01 11:41:34 - In reply to message 1 from Sven Dunemann
I fixed the injection bug.
But in the next version you can use any char.
I'm happy to vote for me.
phpclasses.org/vote.html

  4. Re: First of all, if a value is numeric,...
Martin Pircher - 2011-10-03 08:28:41 - In reply to message 3 from omid zarifi
Injection is still possible as you do not escape $br.
Could be easily fixed by mysql_real_escape_string($br).
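
Added example, not part of the thread or of the rated class: the unescaped-value problem raised in messages 1 and 4, shown as string concatenation next to bound parameters with PDO (used here in place of the `mysql_real_escape_string` call suggested in message 4, which only protects a value placed inside a quoted string literal). The table, the function names and the numeric role of `$br` are assumptions, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example: table, column and function names are hypothetical.
// SQLite in memory stands in for the MySQL database so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE hits (username TEXT, br INTEGER)');
$pdo->exec("INSERT INTO hits VALUES ('alice', 1), ('bob', 2)");

// "Before": the session-derived name and $br are concatenated into the SQL text.
function findConcatenated(PDO $pdo, string $username, string $br): array
{
    $sql = "SELECT username FROM hits WHERE username = '$username' AND br = $br";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// "After": both values are bound parameters and never become SQL syntax.
function findBound(PDO $pdo, string $username, string $br): array
{
    // Assumption: $br is meant to be an integer, so reject anything else
    // up front instead of relying on escaping.
    $brInt = filter_var($br, FILTER_VALIDATE_INT);
    if ($brInt === false) {
        return [];
    }
    $stmt = $pdo->prepare('SELECT username FROM hits WHERE username = :u AND br = :br');
    $stmt->bindValue(':u', $username, PDO::PARAM_STR);
    $stmt->bindValue(':br', $brInt, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal pair, and a $br value that contains no
// quote characters at all, so string escaping would leave it unchanged.
$cases = [
    ['alice', '1'],
    ['alice', '1 OR 1=1'],
];
foreach ($cases as [$user, $br]) {
    printf("user=%s br=%s\n", $user, $br);
    printf("  concatenated: %s\n", json_encode(findConcatenated($pdo, $user, $br)));
    printf("  bound:        %s\n", json_encode(findBound($pdo, $user, $br)));
}
```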