i'm desiging a myspace clone that requires invitation. I want to know if there's anyway someone could enter a wildcard character and have the if statement workout to true when their invitation code is entered. is there anyway to enter a quote and then another symbol like " != and it would close the quote and evaluate to not equals the invitation codes in my database. please help i feel like i'm overlooking something simple.
2007-10-13 09:06:48 · 3 answers · asked by jxceran3 1 in Computers & Internet ➔ Programming & Design
this kind of hacking technique is called sql injection. if magic quote are turned on then you dont have to worry. otherwise use mysql_real_escape_string() to filter sql injection.
for example...
' OR 1=1##
would cause the condition to be true all the time. but magic quote or mysql_real_escape_string() will replace the single quote with \'
\' OR 1=1##
will not cause this problems and is sql injection safe
o just so you know, pros don't keep magic_quote on. becuase it will automatically check all input strings and might replace something that it's not supposed to.
2007-10-13 09:20:17 · answer #1 · answered by initialxy 3 · 0⤊ 0⤋
You could put something like "semi formal dress required". Saying "appropriate" is somewhat insulting to the people who know how to dress for a wedding, NO, you are not the only one who has seen people come to a wedding dresses inappropriatly. I went to a wedding last summer. It was beautiful, a nice garden wedding with a reception in a pavillion over the water. This group of people showed up in shorts, tanks and flip flops. They had been out at the lake for the weekend and did not have the courtesy to go and change, came in smelling like beach and sun tan lotion. FLIP FLOPS at a wedding. There I was in a chiffon sun dress, just thinking WTF?? They looked out of place, but did not care. There was another wedding I went to where a few people did not bother to attend the ceremony, but showed up at the reception in jeans..looking like they were going out to a club! It was terrible. People do not always respect the fact that a wedding is more than a party. I totally see your point. Put "semi formal dress" on it and you should be ok.
2016-05-22 06:17:58 · answer #2 · answered by latrice 3 · 0⤊ 0⤋
Well, if you design your validation carefully enough to filter out any sort of expression or logic characters and wildcards first...
2007-10-13 10:11:24 · answer #3 · answered by Kasey C 7 · 0⤊ 0⤋