Dave vs LAMP or Feedback and testing Wanted
byrmol
Shed Building SQL Farmer

Australia
1591 Posts

Posted - 08/16/2006 :  19:08:37
I am building a website and need your feedback and testing.

A mate of mine set up the initial layout and libraries and I added content. The time has come now for Dave to add some data action to the site...

The web site uses the LAMP (Linux, Apache, MySQL, PHP) methodology. I've used MySQL before, but this is the first time I have used PHP. I am impressed with the PHP library and the syntax is easy enough.

Let's cut to the chase...

SQL INJECTION
Without sprocs in MySQL, I am relying on the middle tier to prevent it... which as far as I am concerned is less than ideal...

So before I get serious I need some testing/validation of the technique I am using.

Anyway, your mission, if you choose to accept it, is to successfully complete the survey: www.honestbeef.com.au/survey.php

If the email address exists (or if you can trick it to think it exists), the results are inserted, else you are told that you are not eligible.

For the next 24 hours, I have dropped the regex pattern for emails in the initial UI check and thus allow you to enter anything...

Please be gentle with it... It is not running on much..

I would also appreciate any feedback on the site...

DavidM

Production is just another testing cycle
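The middle-tier check described in the post (email exists, then insert, else "not eligible") can be made injection-safe without stored procedures by binding user input as parameters rather than splicing it into the SQL string. The following is an added example written for this thread, not the poster's own code; the table and column names (survey_members, survey_results, email, answer) and the connection details are assumptions.

```php
<?php
// Added example, not the site's own code: eligibility check and insert done with
// mysqli prepared statements. Table/column names are assumptions for illustration.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // make failures throw

function submit_survey(mysqli $db, string $email, string $answer): string
{
    // Server-side validation; a client-side regex can be removed or bypassed,
    // so it must never be the only check.
    $email = trim($email);
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'not eligible';
    }

    // Eligibility check: the email is bound as a parameter ('s' = string),
    // so quotes or comment sequences in the input cannot alter the query.
    $stmt = $db->prepare('SELECT 1 FROM survey_members WHERE email = ? LIMIT 1');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();
    $exists = $stmt->num_rows === 1;
    $stmt->close();

    if (!$exists) {
        return 'not eligible';
    }

    // The answer is also bound; free text never reaches the SQL parser as SQL.
    $stmt = $db->prepare('INSERT INTO survey_results (email, answer) VALUES (?, ?)');
    $stmt->bind_param('ss', $email, $answer);
    $stmt->execute();
    $stmt->close();

    return 'thanks';
}

// Usage with placeholder connection details (assumed, not from the site).
$db = new mysqli('localhost', 'survey_user', 'PLACEHOLDER_PASSWORD', 'survey_db');
$db->set_charset('utf8mb4'); // keep the connection charset consistent with escaping rules
echo htmlspecialchars(submit_survey($db, $_POST['email'] ?? '', $_POST['answer'] ?? ''));
```

The same pattern applies to every other query that takes request data; the point is that no query on the site is ever built by string concatenation of user input.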

spirit1
Cybernetic Yak Master

Slovenia
11752 Posts

Posted - 08/17/2006 :  07:01:28
This is a cool link IMO for PHP SQL injection:
http://www.hiveminds.co.uk/node/3104/
Go with the flow & have fun! Else fight the flow
blog thingie: http://weblogs.sqlteam.com/mladenp

byrmol
Shed Building SQL Farmer

Australia
1591 Posts

Posted - 08/17/2006 :  16:15:39
Thanks

DavidM

Production is just another testing cycle