Dave G wrote:
If that text is not properly validated and escaped, you could
be open to SQL Injection attacks
I'm less clear on what properly escaped means. I thought
escaping was a matter of putting slashes before special characters, so
that their presence doesn't confuse the SQL queries
John,
If that text is not properly validated and escaped, you could
be open to SQL Injection attacks
...
you could be open to Cross Site Scripting attacks
After reading your response, I looked on the web to determine what
you meant by properly validated and escaped.
From what I
PHP Listers,
I was just reading about Hardened PHP, and the debate between
those who think it's a good idea and those who think it will allow for
lazy coding. I'm firmly of the belief that any new security feature is a
good thing. If for no other reason than that it will help me stay secure
From: Dave G [EMAIL PROTECTED]
I almost exclusively use PHP
to draw from data held within a MySQL database on the same server. I do
not allow users to upload files. I suppose the most that I allow users
to do is input some information like email addresses, user names and
passwords. But it
4 matches