Hi Bruce,

On Sat, Jul 10, 2010 at 2:17 PM, bruce bruce <bruceb...@gmail.com> wrote:

>
> I have my html/php file set so that the input field only takes 3 digit 3
> digit 4 digit (NPA, NXX, Block) so your proposal of: '201,0); drop
> database YOUR_DATABASE'; would fail due to big length and also I tested
> with inputting letters and my IF function caught it and exited.
>
> Furthermore, everything else (other than phone input fields) is drop down
> boxes with specific numbers or letters inserted in them. I should be 100%
> safe with those right?
>

Another moment of trepidation should be triggered when you use the words
"input field" as related to forms.

While most people will use an ordinary web browser and whatever fields you
provide, hackers aren't most people. Anyone wanting to break your site isn't
going to be nice and follow the nice rules and use the forms which might
have validation.

Even beginner not-nicers can put together a simple form with your POST as
their target and whatever field lengths and values as they want.

You have to treat all input as hostile, since it all can be. It's the only
way you can be safe.

Thanks,
Gerald
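As an added illustration of Gerald's point (this is not code from either poster), the snippet below validates the three NPA/NXX/Block fields on the server, checks a drop-down value against a server-side allow-list, and writes with a prepared statement; it runs the same checks over a constructed normal POST and a constructed hand-built POST that ignores the form's field lengths. Field names, table name and the in-memory SQLite database are assumptions.

```php
<?php
declare(strict_types=1);
// Each part must be exactly the expected count of ASCII digits. The browser's
// maxlength and pattern attributes are not trusted; a hand-built POST skips them.
function validatePhoneParts(array $post): ?array
{
    $rules = ['npa' => 3, 'nxx' => 3, 'block' => 4];
    $clean = [];
    foreach ($rules as $field => $len) {
        $value = $post[$field] ?? null;
        // Anchored regex: the whole value must be digits, nothing before or after.
        if (!is_string($value) || !preg_match('/^[0-9]{' . $len . '}$/', $value)) {
            return null;
        }
        $clean[$field] = $value;
    }
    return $clean;
}

// Drop-down values get the same treatment: checked against a server-side
// allow-list, not against whatever the <select> happened to offer.
function validateChoice(?string $value, array $allowed): ?string
{
    return in_array($value, $allowed, true) ? $value : null;
}

function storePhone(PDO $db, array $parts): void
{
    // Prepared statement: values are bound separately from the SQL text, so a
    // value can never be parsed as SQL even if validation were bypassed.
    $stmt = $db->prepare('INSERT INTO phones (npa, nxx, block) VALUES (:npa, :nxx, :block)');
    $stmt->execute($parts);
}

// Constructed requests: a normal submission and a hand-crafted POST that
// ignores every field length the HTML form declared.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE phones (npa TEXT, nxx TEXT, block TEXT)');
$normal = ['npa' => '201', 'nxx' => '555', 'block' => '0100'];
$forged = ['npa' => "201,0); drop database YOUR_DATABASE", 'nxx' => '555', 'block' => '0100'];
foreach ([$normal, $forged] as $post) {
    $parts = validatePhoneParts($post);
    if ($parts === null) {
        echo 'rejected: ' . var_export($post['npa'], true) . "\n";
        continue;
    }
    storePhone($db, $parts);
    echo "stored: {$parts['npa']}-{$parts['nxx']}-{$parts['block']}\n";
}
```

The same pattern applies to every drop-down: `validateChoice($_POST['field'] ?? null, $serverSideList)` decides, not the option list in the HTML.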
-- 
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users
