Playing with loopholes

The most amusing things happen when you’re been coding a long time. I found, and used a “hole” in one of our database routines (which has since been fixed)

getOneValueFromTable($srcTable, $srcField, $whereField, $whereValue);
produces SQL like “SELECT $srcField FROM $srcTable WHERE $whereField = ‘$whereValue'”. Can you spot the potential problems in something like this? Consider this: getOneValkueFromTable($srcTable, $srcField, ‘1’, ‘1’; delete from $srcTable; ”);

Granted its not much of a problem if only proper developers are able to use this function, but if any untrusted party were able to affect any of those variables… big problems…

Everyone should know this. If you didnt know this kind of a problem existed… consider yourself warned. This has been a public service announcement. We now return you to the normal silence found on this blog

;)

cheers
DK

Leave a Reply