[30149] in bugtraq
Re[2]: Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)
daemon@ATHENA.MIT.EDU (Benjamin Schulz)
Thu May 15 16:21:13 2003
Date: Wed, 14 May 2003 14:57:28 +0200
From: Benjamin Schulz <lists@hnc.cc>
Reply-To: lists@hnc.cc
Message-ID: <3717736283.20030514145728@hnc.cc>
To: bugtraq@securityfocus.com
In-Reply-To: <8506.1052778145@www60.gmx.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hi Rynho,
> if(!isset($cid) || $cid == NULL || $cid == "" || !is_numeric ($cid))
> {
> echo "I don't like you >:|";
> exit();
> }
you know that $cid == NULL equals $cid == ""? (int)0, too btw.
either check $cid == '' (what is 0 & NULL, too)
or $cid === NULL || $cid === '',
or empty($cid)
Mit freundlichen Gruessen / Kind regards
--
Benjamin Schulz
There are 10 types of people: those who understand binary and
those who don't.
