2718.us blog » sql
http://2718.us/blog
Miscellaneous Technological Geekery
Last updated: Tue, 18 May 2010 02:42:55 +0000

Beware the SQL Injection…
http://2718.us/blog/2008/04/15/beware-the-sql-injection/
Tue, 15 Apr 2008 23:24:14 +0000, by 2718.us

Since I’ve already hit on SQL injection issues twice in the past two days (here directly and here indirectly through the non-issue with WP and SQL injection), why not add a cartoon to the mix…

Note to Self: Validate Input before using it in SQL Queries
http://2718.us/blog/2008/04/15/note-to-self-validate-input-before-using-it-in-sql-queries/
Tue, 15 Apr 2008 18:53:51 +0000, by 2718.us

Right, of course, I should be doing this already, but having magic quotes in PHP4 may have made me a bit lazy in some instances, and just like I’ve been going through and fixing register_globals dependence… As I read here,

Both register_globals and Magic Quotes were implemented in PHP to help beginners who were learning to program in PHP or new to programming in general. One thing I noticed about the upgrade was that neither of the problems I encountered were major, but also that they weren’t related to the actual upgrade to version 5, as they both should have been taken care of already. It brings up the discussion of a good programmer versus a bad/lazy programmer. Most of the sites that had any issues, and the few that had major issues were ones that I had taken over and was hosting but didn’t initially create. The sites were not built so long ago that there was an excuse for using both register_globals and magic quotes, and it shows that having programming standards is important, and that keeping up to date with programming trends and upgrades to the programming language are very important. I’m glad I caught this before I upgraded to version 6 when I possibly would have had a much harder time solving the problem.

Matt (yes, that Matt) on WordPress Security
http://2718.us/blog/2008/04/14/matt-yes-that-matt-on-wordpress-security/
Mon, 14 Apr 2008 17:28:56 +0000, by 2718.us

Even though the post title and first paragraph are about calling out a sound-and-fury-signifying-nothing alert, most of his post is good stuff on WordPress, with lots of links.

… there is a wave of attacks going around targeting old WordPress blogs, particularly those on the 2.1 or 2.2 branch. They’re exploiting problems that have been fixed for a year or more. This typically manifests itself through hidden spam being put on your site, either in the post or in a directory, and people notice when they get dropped from Google.
