Active Record Vulnerability or Misunderstanding?
#2

WanWizard
If you pass an unset session variable, you're passing FALSE.

Since you can't pass a boolean to a query, it is converted to a string. The result is
Code:
SELECT * FROM (`testusers`) WHERE `id` = 0

If id is an integer field, it returns only that row (if it exists).

If id is a character field, the syntax is incorrect. "id = 0" evaluates to "is the string 'id' false", which is true, so the query becomes "SELECT * FROM testusers WHERE TRUE", which returns all records.
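
One way to fail closed before the query is built, as an added example that is not part of the original post or of CodeIgniter. The function name `session_user_id`, the session key `user_id` and the accepted id formats are assumptions.

```php
<?php
// Added example; not code from the thread or from CodeIgniter itself.

/**
 * Turn a raw session value into a key that is safe to hand to where(),
 * or null when the value is unset or malformed. FALSE (what an unset
 * session variable yields, per the post above) never reaches the query.
 * The accepted formats below are assumptions; match them to your schema.
 */
function session_user_id($value, $numericKey)
{
    if ($value === false || $value === null) {
        return null;                      // unset session variable
    }
    if (is_int($value)) {
        $value = (string) $value;
    }
    if (!is_string($value) || $value === '') {
        return null;                      // arrays, TRUE, floats, empty string
    }
    $pattern = $numericKey
        ? '/^[1-9][0-9]*$/D'              // integer key: positive, so never 0
        : '/^[A-Za-z0-9_-]{1,64}$/D';     // character key: assumed id format
    return preg_match($pattern, $value) === 1 ? $value : null;
}

// Constructed sample values standing in for $this->session->userdata(...).
$samples = array(false, null, '', 0, '0', 42, 'alice');
foreach ($samples as $raw) {
    foreach (array(true, false) as $numericKey) {
        $id = session_user_id($raw, $numericKey);
        printf(
            "%-8s %-9s => %s\n",
            var_export($raw, true),
            $numericKey ? 'int key' : 'char key',
            $id === null ? 'reject, run no query' : "WHERE id = '$id'"
        );
    }
}

// Usage inside a CodeIgniter model ('user_id' is a hypothetical session key):
//   $id = session_user_id($this->session->userdata('user_id'), false);
//   if ($id === null) { show_error('Not signed in', 403); }
//   $row = $this->db->where('id', $id)->get('testusers')->row();
```

Because the helper always returns a string, the query builder quotes it, so a character column is compared string to string rather than against a bare `0`.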

