Hi!
Actually that's not a solution to the problem. PMA needs to be fed SQL commands, and we need to accept them via POST.
yes, but we should escape it before displaying in browser
Ah, I overread that. Yes, escaping SQL when displaying it would be wise.
- We need to utilize sessions. Only via sessions could form tokens be easily implemented, because a server-token needs to be compared with a client-token.
sessions already utilized
Seems I missed that, too. Since when does PMA use sessions, and what are they currently used for? Did I also miss session saving of large SQL queries when browsing rows to get rid of the "?" editing buttons and max-GET-length exceeded problems?
Best regards, Garvin
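The two points raised in this thread (escape the SQL before it is echoed back to the browser, and compare a session-stored form token with the token the client posts) can be illustrated in a small PHP fragment. This is an added example, not phpMyAdmin code; the session key `form_token` and the form field names `token` and `sql_query` are assumptions made for the illustration.

```php
<?php
// Added illustration (not phpMyAdmin code): a session-backed form token
// plus output escaping for an SQL string that is echoed back to the browser.
// Assumed names: $_SESSION['form_token'], POST fields 'token' and 'sql_query'.
declare(strict_types=1);

session_start();

// Issue one random token per session; the form carries it as a hidden field.
function formToken(): string
{
    if (empty($_SESSION['form_token'])) {
        $_SESSION['form_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['form_token'];
}

// The server-side token (session) must match the client-side token (POST body).
// hash_equals() does a constant-time comparison.
function tokenIsValid(array $post): bool
{
    $server = $_SESSION['form_token'] ?? '';
    $client = $post['token'] ?? '';
    return is_string($client) && $server !== '' && hash_equals($server, $client);
}

// Escape the SQL text only at the point where it is rendered as HTML;
// the SQL string itself goes unchanged to the database layer.
function sqlForDisplay(string $sql): string
{
    return htmlspecialchars($sql, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!tokenIsValid($_POST)) {
        http_response_code(403);
        exit('Invalid form token');
    }
    $sql = (string) ($_POST['sql_query'] ?? '');
    // ... hand $sql to the normal query execution path here ...
    echo '<pre>' . sqlForDisplay($sql) . '</pre>';
}
?>
<form method="post" action="">
  <input type="hidden" name="token" value="<?= formToken() ?>">
  <textarea name="sql_query"></textarea>
  <button type="submit">Go</button>
</form>
```

A query such as `SELECT '<script>' FROM t` is still executed as typed, but the copy shown on the result page is rendered as literal text, so the browser never interprets it; and a POST whose `token` field does not match the session value is rejected before any SQL is touched.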