SQL Injection immunity on Ubuntu
Dax Solomon Umaming
knightlust at ubuntu.com
Wed May 7 07:11:09 UTC 2008
Hi,
I'm supposed to send this to ubuntu-users list but I believe this question's
more fitting to this list.
I've been developing web applications based on PHP and MySQL since Dapper, and
only now am I worried about SQL injection. You see, my next project's another
web app - but for our consumers (and there are a lot of smarter users out
there).
Our server's still using Gutsy, and I've tried snippets from
http://en.wikipedia.org/wiki/SQL_injection . I'm surprised to see that PHP
escaped them with \. I've echoed almost all forms on my scripts with the same
results.
So now my questions are;
Is the default LAMP stack on Ubuntu Server immune from SQL Injections?
If I move my PHP script to a freshly-installed Hardy, will I get the same
result?
Thanks
--
Dax Solomon Umaming
http://blog.knightlust.com/
GPG: 0x715C3547
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20080507/3915b592/attachment.pgp>
More information about the ubuntu-server
mailing list