Re: [PHP-DB] sql injections/best practises

2008-11-10 Thread mignon hunter
Thank you Christopher - this gives me some much needed direction. --- On Fri, 11/7/08, Christopher Jones [EMAIL PROTECTED] wrote: From: Christopher Jones [EMAIL PROTECTED] Subject: Re: [PHP-DB] sql injections/best practises To: [EMAIL PROTECTED] Cc: php-db@lists.php.net Date: Friday, November 7

Re: [PHP-DB] sql injections/best practises

2008-11-10 Thread mignon hunter
Thank you so much Fergus for all this great info - this will get me started. --- On Sat, 11/8/08, Fergus Gibson [EMAIL PROTECTED] wrote: From: Fergus Gibson [EMAIL PROTECTED] Subject: Re: [PHP-DB] sql injections/best practises To: php-db@lists.php.net Date: Saturday, November 8, 2008, 12:42 PM

Re: [PHP-DB] sql injections/best practises

2008-11-10 Thread Fergus Gibson
On Mon, Nov 10, 2008 at 8:49 AM, mignon hunter [EMAIL PROTECTED] wrote: One other question. Our current site is written in jsp with Oracle. I'd like to use PHP. Do you have any thoughts on this? Your post, mignon, was pretty clearly directed to Christopher, but I hope neither of you will be

Re: [PHP-DB] sql injections/best practises

2008-11-10 Thread mignon hunter
.   Oracle is the db on most of the site - a little mysql too. --- On Fri, 11/7/08, Christopher Jones [EMAIL PROTECTED] wrote: From: Christopher Jones [EMAIL PROTECTED] Subject: Re: [PHP-DB] sql injections/best practises To: [EMAIL PROTECTED] Cc: php-db@lists.php.net Date: Friday, November 7, 2008, 5

Re: [PHP-DB] sql injections/best practises

2008-11-10 Thread Christopher Jones
mignon hunter wrote: Hi Christopher One other question. Our current site is written in jsp with Oracle. I'd like to use PHP. Do you have any thoughts on this? My recommendation is to utilize the existing skills you have; this echoes Fergus's comment. However, PHP is very popular and if

Re: [PHP-DB] sql injections/best practises

2008-11-08 Thread Fergus Gibson
On Fri, Nov 7, 2008 at 3:39 PM, Christopher Jones [EMAIL PROTECTED] wrote: mignon hunter wrote: I'm trying to find some definitive best practises on database connections with php on both mysql and oracle. Most security issues come back to a simple concept. Assume anything in your scripts

[PHP-DB] sql injections/best practises

2008-11-07 Thread mignon hunter
I'm trying to find some definitive best practises on database connections with php on both mysql and oracle. I'm starting to redesign a corporate website and am trying to find out more about security and the best practises for database queries and user input form handling. For example -

Re: [PHP-DB] sql injections/best practises

2008-11-07 Thread Christopher Jones
mignon hunter wrote: I'm trying to find some definitive best practises on database connections with php on both mysql and oracle. I'm starting to redesign a corporate website and am trying to find out more about security and the best practises for database queries and user input form