[Tilesathome] Long jobs
Iván Sánchez Ortega
ivansanchez at escomposlinux.org
Fri Apr 18 15:04:32 BST 2008
<quote who="Marcus T. Jaschen">
> On 18.04.2008, at 15:40, Iván Sánchez Ortega wrote:
>>
>> The client should do an HTTP POST request with username/passwd and
>> version (as in other t@h requests), and with the x, y and z parameters
>> of the tileset that it requested previously.
>
> Before putting this into production all POST variables used in the SQL
> query string should be escaped to prevent SQL injection!
Hey, I took SQL injection 101 too ;-)
I double-checked it: users.inc and version.inc take care of the
username/passwd/version strings, whereas the x/y/z are cast into
integers via sprintf().
--
Iván Sánchez Ortega <ivan at sanchezortega.es>
A computer is not a television or a microwave, it is a complex
tool.
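
The integer cast described in the reply, as an added example that is not part of the original message or the t@h server code: sprintf()'s %d keeps only a leading integer, which blocks injection but also silently maps malformed input to 0 or a truncated number, so a strict range check is shown beside it. The table name, the maximum zoom of 18 and the function names are assumptions.

```php
<?php
// Added example, not project code. Table and column names are hypothetical.

// The approach from the message: %d makes sprintf() cast each argument to an
// integer, so no quote or SQL keyword from the POST body reaches the query.
function build_query_sprintf(array $post): string {
    return sprintf(
        "SELECT id FROM tileset_requests WHERE x=%d AND y=%d AND z=%d",
        $post['x'] ?? 0, $post['y'] ?? 0, $post['z'] ?? 0
    );
}

// Stricter variant: reject anything that is not a plain integer in range,
// instead of letting the cast turn it into 0 or a truncated number.
function parse_tile_coords(array $post): ?array {
    $z = filter_var($post['z'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 18]]); // assumed max zoom
    if ($z === false) {
        return null;
    }
    $max = (1 << $z) - 1; // valid x/y indexes at zoom z are 0 .. 2^z - 1
    $out = ['z' => $z];
    foreach (['x', 'y'] as $k) {
        $v = filter_var($post[$k] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 0, 'max_range' => $max]]);
        if ($v === false) {
            return null;
        }
        $out[$k] = $v;
    }
    return $out;
}

// Constructed sample POST bodies: one well-formed, two malformed.
$samples = [
    ['x' => '2048', 'y' => '1361', 'z' => '12'],
    ['x' => '2048 OR 1=1', 'y' => '1361', 'z' => '12'],
    ['x' => "1'; --", 'y' => 'abc', 'z' => '12'],
];
foreach ($samples as $post) {
    echo build_query_sprintf($post), "\n";
    echo '  strict: ', json_encode(parse_tile_coords($post)), "\n";
}
```

For the second and third samples the sprintf() query is still well-formed SQL but addresses a tile the client never named, while the strict parser returns null so the request can be refused.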