[TYPO3-dev] pi_exec_query with addWhere returns only one element, what is wrong?
Peter Russ
peter.russ at 4many.net
Tue Nov 28 23:41:38 CET 2006
Matthias Stuebner wrote:
> Hello all,
[...]
> --------- code start -------------
> // 1. implode $_POST['lit_uid'] into comma separated list
> $comma_separated = implode(",", $_POST['lit_uid']);
Hello Matthias,
accessing POSTed values without further checking might be a security
issue. Ever tried this:
$_POST['lit_uid'][0]='1);delete from tx_TestDB_main;';
;-)
Regs. Peter.
--
Fiat lux!
Docendo discimus.
_____________________________
4Many® Services
openBC: http://www.openbc.com/go/invuid/Peter_Russ
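
The input check the reply above calls for, as an added example that is not part of the original message or of TYPO3 itself: every POSTed uid is validated as a positive integer before the list is imploded into the where clause. The function name `uidListFromInput`, the column name `uid` and the sample input are assumptions made for illustration.

```php
<?php
// Added example: validate a POSTed list of record uids before it reaches SQL.

/**
 * Return a comma-separated list of positive integers, or '' if none are valid.
 * Values that are not plain decimal integers are dropped, never "repaired".
 * (Hypothetical helper, not a TYPO3 API.)
 */
function uidListFromInput($input, int $maxItems = 500): string
{
    // A scalar where an array is expected is rejected as a whole.
    if (!is_array($input)) {
        return '';
    }
    $uids = [];
    foreach (array_slice($input, 0, $maxItems) as $value) {
        // Nested arrays, objects, floats and booleans are skipped.
        if (!is_string($value) && !is_int($value)) {
            continue;
        }
        $value = (string)$value;
        // Digits only, bounded length: no signs, spaces, quotes or brackets.
        if (!ctype_digit($value) || strlen($value) > 9) {
            continue;
        }
        $uid = (int)$value;
        if ($uid > 0) {
            $uids[$uid] = $uid; // keyed by value to drop duplicates
        }
    }
    return implode(',', $uids);
}

// Constructed sample input, including the payload quoted in the message above.
$post = ['lit_uid' => ['12', '1);delete from tx_TestDB_main;', '7', ['x'], '-3', '12']];
$list = uidListFromInput($post['lit_uid'] ?? null);

// Hypothetical column name "uid". An empty list must not yield "IN ()",
// which is a syntax error, nor silently drop the restriction.
$addWhere = ($list === '') ? ' AND 1=0' : ' AND uid IN (' . $list . ')';

echo $addWhere, PHP_EOL;
```

Only the values `12` and `7` survive the filter, so the string passed on as the additional where clause contains nothing but digits and commas.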