Security much?
10th October 2007 at 05:01 PM
Minor rant I've been meaning to post to the programming forum for a while but never got around to it... The following example is based on some code I was asked to review for security a while back. I still can't believe anyone would do something like this and cannot understand why they can't see the problem with it.
PHP Code:
    foreach($_REQUEST as $key => $value)
    {
        $str .= $key . "=" . $value . "|";
    }
    mysql_query("INSERT INTO table (userinput) values (" . addslashes($str) . ");");

Then in a later script to retrieve the values:

PHP Code:
    //assume $row['userinput'] contains the string retrieved from the mysql db.
    $vars = explode("|",$row['userinput']);
    foreach($vars as $val)
    {
        $tmp = explode("=",$val);
        $$tmp[0] = $tmp[1];
    }

Am I the only one who sees something wrong with that code?
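
One way to write the store and retrieve steps without the problems in the reviewed code (an addslashes() value concatenated unquoted into the query, "|" and "=" delimiters that user input can itself contain, and stored input turned into variable names). This is an added example, not part of the original post; the field allowlist, the form_submissions table and the in-memory SQLite database are assumptions made so it runs on its own.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: the only request fields this form is expected to send.
const ALLOWED_FIELDS = ['name', 'email', 'comment'];

// Store: keep only expected string fields, serialise as JSON (no home-made
// "key=value|" delimiters to collide with), and bind the value as a parameter.
function storeInput(PDO $db, array $request): void
{
    $clean = [];
    foreach (ALLOWED_FIELDS as $field) {
        if (isset($request[$field]) && is_string($request[$field])) {
            $clean[$field] = $request[$field];
        }
    }
    $stmt = $db->prepare('INSERT INTO form_submissions (userinput) VALUES (:input)');
    $stmt->execute([':input' => json_encode($clean, JSON_THROW_ON_ERROR)]);
}

// Retrieve: decode into an array and read named keys from it. Nothing that
// comes back from the database is ever used as a variable name.
function loadInput(string $stored): array
{
    $data = json_decode($stored, true, 8, JSON_THROW_ON_ERROR);
    if (!is_array($data)) {
        return [];
    }
    return array_intersect_key($data, array_flip(ALLOWED_FIELDS));
}

// Constructed demo: in-memory SQLite stands in for the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE form_submissions (userinput TEXT)');

$isAdmin = false; // application state that request data must not be able to set

// Constructed request: an unexpected key plus quote and delimiter characters.
storeInput($db, [
    'name'    => "O'Brien|isAdmin=1",
    'comment' => 'a=b',
    'isAdmin' => '1',
]);

$row = $db->query('SELECT userinput FROM form_submissions')->fetch(PDO::FETCH_ASSOC);
$input = loadInput($row['userinput']);

// Show the decoded fields and the application variable.
var_dump($input, $isAdmin);
```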