De-tainting a number

Mark Ingram mark.ingram at nexsan.com
Fri Jul 25 15:15:24 UTC 2003


Thanks a lot!

There is just one small problem, a $bugid of 37 gets changed to 1 when I try
it??

I have the following code:

	my $bug_id = detaint_natural($bugid) || ThrowUserError("invalid_bug_id");
	print "bug_id: $bug_id\n<br>bugid: $bugid";

The print out looks like this:
bug_id: 1
bugid: 37

Is there any particular reason for this?

Best Regards,

Mark Ingram
Software Engineer
Nexsan Technologies
33 - 35 Parker Centre
Mansfield Road
Derby
DE21 4SZ

-----Original Message-----
From: developers-owner at bugzilla.org
[mailto:developers-owner at bugzilla.org]On Behalf Of David Miller
Sent: 25 July 2003 16:05
To: developers at bugzilla.org
Subject: Re: De-tainting a number


On 7/25/2003 3:10 PM +0100, Mark Ingram wrote:

> I have the following line:
>
> 	SendSQL("INSERT INTO bugs (reg_test) VALUES (" . SqlQuote($reg_test) .
> 	        ") WHERE bug_id = $bugid");
>
> which isn't working obviously because the $bugid is still tainted. How do I
> de-taint a number?

detaint_natural($bugid) || ThrowUserError("invalid_bug_id");

You'll have to double-check the error tag, I don't remember them all.  The
errors are in template/en/default/global/user-error.html.tmpl
--
Dave Miller      Project Leader, Bugzilla Bug Tracking System
http://www.justdave.net/             http://www.bugzilla.org/
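
The behaviour asked about above, as an added example that is not part of the original thread and is not Bugzilla's source. It assumes a detainter that rewrites its argument in place through the @_ alias and returns only a success flag, which would match the output shown in the question; detaint_natural_demo and the sample inputs are hypothetical.

```perl
use strict;
use warnings;

# Hypothetical stand-in for an in-place detainter (not Bugzilla's code).
# $_[0] aliases the caller's variable, so assigning to it changes the
# caller's copy directly.
sub detaint_natural_demo {
    my $ok = defined $_[0] && $_[0] =~ /^(\d+)$/;
    # Under taint mode (-T) a regex capture is what yields untainted data.
    $_[0] = $ok ? $1 : undef;
    # Success flag only, never the number. Returning the number itself
    # would make a valid id of 0 look like a failure to "||".
    return $ok ? 1 : 0;
}

# Constructed sample inputs.
for my $input ('37', '0', '37 OR 1=1', '-5', '') {
    # Pattern from the question: the return value is kept as the id.
    my $copy   = $input;
    my $bug_id = detaint_natural_demo($copy) || 'ERROR';

    # Pattern from the reply: validate in place, keep using $bugid.
    my $bugid = $input;
    my $valid = detaint_natural_demo($bugid);

    printf "%-12s assigned=%-6s in_place=%s\n",
        "'$input'", $bug_id, $valid ? $bugid : 'rejected';
}
```

For the input 37 the assigned value is 1 (the flag) while the variable validated in place still holds 37, so the cleaned number is the original variable, not the return value.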