[asterisk-users] PHP can't insert - Can someone please help

Gerald A geraldablists at gmail.com
Mon Jul 12 18:39:20 CDT 2010


Hi Bruce,

On Sat, Jul 10, 2010 at 2:17 PM, bruce bruce <bruceb444 at gmail.com> wrote:

>
> I have my html/php file set so that the input field only takes 3 digit 3
> digit 4 digit (NPA, NXX, Block) so your proposal of: '201,0); drop
> database YOUR_DATABASE'; would fail due to big length and also I tested
> with inputting letters and my IF function caught it and exited.
>
> Furthermore, everything else (other than phone input fields) is drop down
> boxes with specific numbers or letters inserted in them. I should be 100%
> safe with those, right?
>

Another moment of trepidation should be triggered when you use the words
"input field" as related to forms.

While most people will use an ordinary web browser and whatever fields you
provide, hackers aren't most people. Anyone wanting to break your site isn't
going to be nice and follow the nice rules and use the forms which might
have validation.

Even beginner not-nicers can put together a simple form with your POST as
their target and whatever field lengths and values they want.

You have to treat all input as hostile, since it all can be. It's the only
way you can be safe.

Thanks,
Gerald
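
The server-side counterpart to the form limits discussed above, as an added example that is not part of the original thread: every field is re-checked on the server and the INSERT uses bound parameters. The table name `numbers`, the field names and the drop-down values are assumptions, and the sample requests are constructed.

```php
<?php
// Added example, not code from the thread. All names below are hypothetical.
const LINE_TYPES = ['A', 'B', 'C']; // values the drop-down is supposed to offer

// Returns the cleaned fields, or null if anything fails validation.
function validate_request(array $post): ?array
{
    $rules = ['npa' => 3, 'nxx' => 3, 'block' => 4];
    $clean = [];
    foreach ($rules as $field => $len) {
        $v = $post[$field] ?? null;
        // Must be a string (not an array such as npa[]=...) of exactly $len
        // ASCII digits; \A and \z anchor the whole value, newlines included.
        if (!is_string($v) || !preg_match('/\A[0-9]{' . $len . '}\z/', $v)) {
            return null;
        }
        $clean[$field] = $v;
    }
    // A drop-down constrains only the browser, so check the allow-list here.
    $type = $post['line_type'] ?? null;
    if (!is_string($type) || !in_array($type, LINE_TYPES, true)) {
        return null;
    }
    return $clean + ['line_type' => $type];
}

function insert_number(PDO $db, array $c): void
{
    // Bound parameters: the values are never spliced into the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO numbers (npa, nxx, block, line_type) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([$c['npa'], $c['nxx'], $c['block'], $c['line_type']]);
}

$db = new PDO('sqlite::memory:'); // in-memory database so the example runs offline
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE numbers (npa TEXT, nxx TEXT, block TEXT, line_type TEXT)');

// Constructed requests, as they would arrive in $_POST regardless of the form.
$requests = [
    ['npa' => '201', 'nxx' => '555', 'block' => '0123', 'line_type' => 'A'],
    ['npa' => '201,0); drop database YOUR_DATABASE', 'nxx' => '555', 'block' => '0123', 'line_type' => 'A'],
    ['npa' => '201', 'nxx' => '555', 'block' => '0123', 'line_type' => 'Z'],
];
foreach ($requests as $i => $post) {
    $clean = validate_request($post);
    if ($clean !== null) { insert_number($db, $clean); }
    echo "request $i: ", $clean === null ? 'rejected' : 'stored', "\n";
}
```

Only the first request is stored; the over-long value and the out-of-list drop-down value are rejected before any SQL runs.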