appdb security

Jonathan Ernst jonathan at
Thu Jun 8 11:12:20 CDT 2006

On Thursday 08 June 2006 at 11:42 -0400, Chris Morgan wrote:
> Can you come up with a non-destructive working example for the appdb 
> website? ;-)
> I ask because I thought we went through this some time ago but I agree that 
> what you say looks like an open issue.
> Chris

Lately I used the following snippet in all my webapps to secure them
against SQL injection: under "Best practice".

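function smart_quote($value)
{
   // Undo magic_quotes_gpc escaping so the value is not escaped twice
   if (get_magic_quotes_gpc()) {
     $value = stripslashes($value);
   }
   // Protect it if it's not an integer
   if (!is_numeric($value)) {
     $value = "'" . mysql_real_escape_string($value) . "'";
   }
   return $value;
}

// Secure query
// (the sprintf() arguments were cut off in the archived message;
// $sUser and $sPassword are placeholder names)
$sQuery = sprintf("SELECT *
                   FROM users
                   WHERE user=%s AND password=%s",
                   smart_quote($sUser),
                   smart_quote($sPassword));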

I think it is better than what we have now in AppDB (didn't check it
though). If nobody looks at it, I'll check the code after my master's
thesis (in one month).

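Added example, not part of the original post or of AppDB's code: the same users lookup written with PDO prepared statements instead of a quoting helper, so values are bound as data rather than spliced into the SQL string. The in-memory SQLite table, the sample rows and the make_demo_db() and find_user() names are assumptions made for illustration.

```php
<?php
// Added example: constructed schema and data; make_demo_db() and find_user()
// are hypothetical helpers. Uses PDO with an in-memory SQLite database so it
// runs without a MySQL server.

function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT, password TEXT)');
    $ins = $db->prepare('INSERT INTO users (user, password) VALUES (:user, :password)');
    // Constructed sample rows. Plain-text passwords only mirror the query in
    // the post; a real table would store password_hash() output.
    $ins->execute([':user' => 'alice', ':password' => 'wonderland']);
    $ins->execute([':user' => "o'brien", ':password' => '12345']);
    return $db;
}

function find_user(PDO $db, string $user, string $password): ?array
{
    // Placeholders keep the SQL text fixed; the values travel separately as
    // data, so no quoting or is_numeric() decision is needed.
    $stmt = $db->prepare(
        'SELECT id, user FROM users WHERE user = :user AND password = :password'
    );
    $stmt->execute([':user' => $user, ':password' => $password]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = make_demo_db();
$cases = [
    ['alice', 'wonderland'],     // ordinary credentials
    ["o'brien", '12345'],        // legitimate quote in a name, numeric-looking password
    ['alice', "x' OR '1'='1"],   // quote characters arrive as data, not as SQL
];
foreach ($cases as [$u, $p]) {
    $row = find_user($db, $u, $p);
    printf("%-10s %-16s => %s\n", $u, $p, $row ? 'match id ' . $row['id'] : 'no match');
}
```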