[Phplib-users] Auth question
Brought to you by:
nhruby,
richardarcher
From: Rob H. <rob...@ws...> - 2002-11-08 03:43:58
|
The current auth is just doing a sprintf to insert the username passed from the login for to the query, but a user name like: ";insert into auth_user_md5 (user_id, username, password) VALUES (5,'theif','password');" would get passed right through wouldn't it? Or would sprintf choke on the imbedded quotes? I will try it, I just don't have time right now. Rob Hutton Web Safe www.wsafe.com |