search for: mysql_real_escape_string

...45,120,49,56,45,81,45),CHAR(45,120,49,57,45,81,45),CHAR(45,120,50,48,45,81,45),CHAR(45,120,50,49,45,81,45),CHAR(45,120,50,50,45,81,45),CHAR(45,120,50,51,45,81,45) -- /* and reject any incoming string containing ' or " in addition to PHP's strip_tags and (deprecated in later versions) mysql_real_escape_string($_GET['....'],$link); I do not use Wordpress or anything like it. -- Regards, Paul. England, EU. England's place is in the European Union.

...> > I should have imposed strict controls on the length of > > parameters passed to programmes via web pages $_GET[] such as... > > and reject any incoming string containing ' or " in addition to PHP's > > strip_tags and (deprecated in later versions) > > mysql_real_escape_string($_GET['....'],$link); > > No. No. Nooooooooo. > > You're missing the point that everyone is trying to communicate to you. > Do not use string concatenation. Do not use sprintf. Do not use > mysql_real_escape_string(). I have never (not once) used non-prepared...

..._mysql.c:100: undefined reference to `ast_log' res_config_mysql.o(.text+0xb5):/usr/local/src/asterisk-addons-1.4.1/res_config_mysql.c:108: undefined reference to `ast_log' res_config_mysql.o(.text+0x181):/usr/local/src/asterisk-addons-1.4.1/res_config_mysql.c:126: undefined reference to `mysql_real_escape_string' res_config_mysql.o(.text+0x257):/usr/local/src/asterisk-addons-1.4.1/res_config_mysql.c:133: undefined reference to `mysql_real_escape_string' res_config_mysql.o(.text+0x2e4):/usr/local/src/asterisk-addons-1.4.1/res_config_mysql.c:138: undefined reference to `ast_log' res_config_mysq...

...M, Always Learning wrote: > I should have imposed strict controls on the length of > parameters passed to programmes via web pages $_GET[] such as... > and reject any incoming string containing ' or " in addition to PHP's > strip_tags and (deprecated in later versions) > mysql_real_escape_string($_GET['....'],$link); No. No. Nooooooooo. You're missing the point that everyone is trying to communicate to you. Do not use string concatenation. Do not use sprintf. Do not use mysql_real_escape_string(). Use prepared statements. http://php.net/manual/en/mysqli.quickstart.pre...

...ying to do this : http://www.voip-info.org/tiki-index.php?page=Asterisk%20sip%20mysql%20peers on a FreeBSD (4.9-RELEASE-p11) with mysql 3.23.58 (from the ports) but the only thing i'm getting is : Aug 18 20:22:27 WARNING[135151616]: /usr/lib/asterisk/modules/chan_sip.so: Undefined symbol "mysql_real_escape_string" Aug 18 20:22:27 WARNING[135151616]: Loading module chan_sip.so failed! The Mysql libs seems to be running correctly (cdr_addon_mysql.so is working). I'd really don't know where to begin my search... Maybe someone can help ? Cheers r1

...MySQL.c:(.text+0x23fd): undefined reference to `mysql_errno' RS-MySQL.o:RS-MySQL.c:(.text+0x252a): undefined reference to `mysql_fetch_lengths' RS-MySQL.o:RS-MySQL.c:(.text+0x28fd): undefined reference to `mysql_insert_id' RS-MySQL.o:RS-MySQL.c:(.text+0x29cd): undefined reference to `mysql_real_escape_string' RS-MySQL.o:RS-MySQL.c:(.text+0x2a7a): undefined reference to `mysql_get_client_info' RS-MySQL.o:RS-MySQL.c:(.text+0x2ab8): undefined reference to `mysql_get_client_version' RS-MySQL.o:RS-MySQL.c:(.text+0x2afc): undefined reference to `mysql_server_init' RS-MySQL.o:RS-MySQL.c:(.t...

mysql Ver 14.12 Distrib 5.0.95, for redhat-linux-gnu (x86_64) using readline 5.1 I spotted something strange and immediately installed a routine to automatically impose an iptables block when the key used for database access is excessively long. My URL was something like this ...../...../.....php?key=123456 The injection was something like this