Author |
Topic |
byrmol
Shed Building SQL Farmer
1591 Posts |
Posted - 2006-08-16 : 19:08:37
|
I am building a website and need your feedback and testing.

A mate of mine set up the initial layout and libraries and I added content. The time has come now for Dave to add some data action to the site........

The web site uses the LAMP (LINUX, Apache, MySQL, PHP) methodology. I've used MySQL before, but this is the first time I have used PHP. I am impressed with the PHP library and the syntax is easy enough.

Let's cut to the chase...

SQL INJECTION

Without sprocs in MySQL, I am relying on the middle tier to prevent it.. which as far as I am concerned is less than ideal...

So before I get serious I need some testing/validation of the technique I am using.

Anyway your mission, if you choose to accept it, is to successfully complete the survey.

www.honestbeef.com.au/survey.php

If the email address exists (or if you can trick it to think it exists), the results are inserted, else you are told that you are not eligible.

For the next 24 hours, I have dropped the regex pattern for emails in the initial UI check and thus allow you to enter anything...

Please be gentle with it... It is not running on much..

I would also appreciate any feedback on the site...

DavidM

Production is just another testing cycle |
|
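The survey flow described in the post above (look up the email, insert the results only if it exists), written with bound parameters in the middle tier, as an added example that is not part of the original post or the site's code. Table and column names are hypothetical, the sample submissions are constructed, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not the site's code. Table and column names are hypothetical.
// SQLite in memory stands in for MySQL so the script runs offline; with MySQL,
// change the DSN and set PDO::ATTR_EMULATE_PREPARES to false.
declare(strict_types=1);

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE customers (email TEXT PRIMARY KEY)');
    $db->exec('CREATE TABLE survey_results (email TEXT, answer TEXT)');
    $db->exec("INSERT INTO customers VALUES ('known@example.com')"); // constructed row
    return $db;
}

// Returns true when the answer was stored, false when the address is not eligible.
function submitSurvey(PDO $db, string $email, string $answer): bool
{
    // Placeholders keep user input out of the SQL text: it is bound as a value.
    $check = $db->prepare('SELECT 1 FROM customers WHERE email = ?');
    $check->execute([$email]);
    if ($check->fetchColumn() === false) {
        return false;
    }
    $insert = $db->prepare('INSERT INTO survey_results (email, answer) VALUES (?, ?)');
    $insert->execute([$email, $answer]);
    return true;
}

$db = openDb();
$inputs = [ // constructed sample submissions
    ['known@example.com', 'Grass fed'],
    ["x' OR '1'='1", 'Grain fed'],
    ['known@example.com', "'); DROP TABLE survey_results; --"],
];
foreach ($inputs as [$email, $answer]) {
    $result = submitSurvey($db, $email, $answer) ? 'inserted' : 'not eligible';
    printf("%-20s => %s\n", $email, $result);
}
// Count what was stored; quote characters in the input were bound as plain data.
$rows = $db->query('SELECT COUNT(*) FROM survey_results')->fetchColumn();
printf("survey_results rows: %d\n", $rows);
```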
spirit1
Cybernetic Yak Master
11752 Posts |
Posted - 2006-08-17 : 07:01:28
|
this is a cool link IMO for php sql injection:

http://www.hiveminds.co.uk/node/3104/

Go with the flow & have fun! Else fight the flow

blog thingie: http://weblogs.sqlteam.com/mladenp |
 |
|
byrmol
Shed Building SQL Farmer
1591 Posts |
Posted - 2006-08-17 : 16:15:39
|
Thanks

DavidM

Production is just another testing cycle |
 |