Re: [RFC] Block requests to builtin SQL functions where PHP can prove the call is vulnerable to a potential SQL-injection attack

From:	Lester Caine	Date:	Wed, 29 Jul 2015 09:02:48 +0000
Subject:	Re: [RFC] Block requests to builtin SQL functions where PHP can prove the call is vulnerable to a potential SQL-injection attack
References:	1	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

On 28/07/15 18:33, Matt Tait wrote:
> What do you all think? There's obviously a bit more work to do; the PoC
> currently only covers mysqli_query, but I thought this stage is an
> interesting point to throw it open to comments before working to complete
> it.

If you want a safe and stable system ... don't use mysql ...
The problem is removing all of the poor quality on-line guides and
replacing them with ones which provide a mush better working model.
Trying to get PHP too pick up a few edge cases is a poor use of time.

-- 
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk


   

Thread (45 messages)

• Matt TaitTue, 28 Jul 2015 17:33:31 +0000
  • Rowan CollinsTue, 28 Jul 2015 20:12:27 +0000
    • Christoph BeckerTue, 28 Jul 2015 20:42:41 +0000
      • Pierre JoyeTue, 28 Jul 2015 21:05:49 +0000
        • Thomas BleyWed, 29 Jul 2015 01:26:57 +0000
  • Lester CaineWed, 29 Jul 2015 09:02:48 +0000
    • Craig FrancisWed, 29 Jul 2015 15:11:06 +0000
      • Lester CaineThu, 30 Jul 2015 07:24:59 +0000
        • Craig FrancisThu, 30 Jul 2015 09:14:49 +0000
          • Joe WatkinsThu, 30 Jul 2015 12:14:24 +0000
            • Craig FrancisThu, 30 Jul 2015 12:40:16 +0000
            • Xinchen HuiThu, 30 Jul 2015 12:47:58 +0000
              • Craig FrancisThu, 30 Jul 2015 15:20:12 +0000
          • Ronald ChmaraThu, 30 Jul 2015 15:26:37 +0000
            • Craig FrancisThu, 30 Jul 2015 15:38:04 +0000
              • Ronald ChmaraFri, 31 Jul 2015 16:40:36 +0000
                • Craig FrancisSun, 02 Aug 2015 09:50:34 +0000
  • Scott ArciszewskiThu, 30 Jul 2015 13:43:06 +0000
    • Craig FrancisThu, 30 Jul 2015 15:20:28 +0000
      • Scott ArciszewskiThu, 30 Jul 2015 15:24:19 +0000
        • Craig FrancisThu, 30 Jul 2015 15:38:05 +0000
          • Joe WatkinsThu, 30 Jul 2015 16:02:33 +0000
            • Craig FrancisFri, 31 Jul 2015 10:40:37 +0000
              • Joe WatkinsFri, 31 Jul 2015 14:00:41 +0000
                • Craig FrancisFri, 31 Jul 2015 14:31:18 +0000
                • Matt TaitFri, 31 Jul 2015 14:47:41 +0000
    • Matt TaitFri, 31 Jul 2015 13:11:20 +0000
      • Craig FrancisFri, 31 Jul 2015 14:05:51 +0000
  • Lester CaineFri, 31 Jul 2015 14:11:14 +0000
  • Julien PauliWed, 05 Aug 2015 14:40:52 +0000
    • Anthony FerraraWed, 05 Aug 2015 15:27:01 +0000
      • Matt TaitWed, 05 Aug 2015 18:52:36 +0000
        • Anthony FerraraWed, 05 Aug 2015 20:53:14 +0000
          • Matt TaitThu, 06 Aug 2015 03:46:26 +0000
            • Dennis BirkholzThu, 06 Aug 2015 11:47:08 +0000
            • Anthony FerraraThu, 06 Aug 2015 21:34:26 +0000
              • Matt TaitThu, 06 Aug 2015 22:57:53 +0000
                • Craig FrancisMon, 10 Aug 2015 09:57:37 +0000
                  • Yasuo OhgakiTue, 11 Aug 2015 23:27:17 +0000
                    • Craig FrancisThu, 13 Aug 2015 11:00:41 +0000
                  • Christoph BeckerTue, 11 Aug 2015 23:43:32 +0000
                    • Craig FrancisThu, 13 Aug 2015 11:00:41 +0000
            • Yasuo OhgakiFri, 07 Aug 2015 01:29:12 +0000
              • Yasuo OhgakiFri, 07 Aug 2015 01:36:45 +0000
  • Yasuo OhgakiTue, 01 Sep 2015 02:58:08 +0000