[EMAIL PROTECTED] wrote:
So if I could broaden the question and ask, in general, what people
recommend for pre-processing data before it goes into a SQL
statement.
For escaping, I recommend an escaping function specific to your
database. These exist for most popular databases. As a last resort, yo
Thanks a ton, Chris & Chris! Clear, concise and informative answers are always
the best :) I knew the basic theory but never looked into the specifics on
what, exactly, could be harmful in cases like this. In cases of security
'common sense' isn't always helpful because it's the uncommon sen
Hey!
Thanks for replying.
I was just going to write to you (after your last reply to my questions)
that someone recommended your site and after I made a quick visit...if you
could direct me to the exact page/section...guess you read my mind :-D
Thanks,
Ryan
On 3/26/2005 7:47:36 PM, Chris Shifle
Chris Ramsay wrote:
This is excellent:
http://www.shiflett.org/
I'm glad you think so. :-)
There's a free article there on SQL injection:
http://shiflett.org/articles/security-corner-apr2004
I'm always refining the methods in which I explain things like SQL
injection, so my replies on this thread
Hi Ryan,
From what I have been reading, wrapping all my GET and POST requests in an
htmlentities() function should keep me safe, right? Or what else should
I/can I do?
No, let me start by correcting a misunderstanding. Yes, htmlentities()
is an escaping function, but it is for escaping data for u
With htmlentities() you are also safe from potential XSS attacks.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
This is excellent:
http://www.shiflett.org/
Chris R
Actually I was just about to look into this again myself since I'm working on a
project that I'd like to protect from SQL injections.
htmlentities() is a start, but that's not going to protect you from someone
using apostrophes (single quotes) and breaking your SQL in other ways.
While some of
Hi,
Just a quick question, I have been reading a lot about SQL injection doing a
s**tload of damage to many sites, I myself use a pagination class which
sends the page number from page to page in a $_GET['page'] request which
gets used in a LIMIT parameter.
From what I have been reading, wrappi
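The point the replies above make, shown in code: a page number that goes into LIMIT is validated as an integer, strings reach the query only through bound parameters, and htmlentities() is applied at HTML output time. This is an added example, not code from anyone on this thread; it assumes PHP with the pdo_sqlite extension, and the table, rows and the stand-in request values are constructed here so it runs offline.

```php
<?php
// Added example (not from this thread). Assumes pdo_sqlite; data is constructed inline.

// 1. A page number is a number: validate it as one rather than "escaping" it.
//    FILTER_VALIDATE_INT rejects values such as "1 OR 1=1", "1; DROP", "1e3".
function pageNumber(array $query, int $max = 10000): int
{
    $raw = $query['page'] ?? '1';
    $n = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $max]]);
    return $n === false ? 1 : $n;   // fall back to page 1 on anything not a clean int
}

// 2. Strings are sent as bound parameters; the driver handles quoting, so an
//    apostrophe in $term is data, not SQL syntax. LIMIT/OFFSET are bound as ints.
//    (LIKE wildcards % and _ inside $term are a separate, non-injection concern.)
function searchTitles(PDO $db, string $term, int $page, int $perPage = 2): array
{
    $stmt = $db->prepare(
        'SELECT title FROM posts WHERE title LIKE :t ORDER BY id LIMIT :lim OFFSET :off');
    $stmt->bindValue(':t', '%' . $term . '%', PDO::PARAM_STR);
    $stmt->bindValue(':lim', $perPage, PDO::PARAM_INT);
    $stmt->bindValue(':off', ($page - 1) * $perPage, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
foreach (["Hello world", "O'Reilly books", "Hello again", "Bye"] as $t) {
    $db->prepare('INSERT INTO posts (title) VALUES (?)')->execute([$t]);
}

// Constructed inputs standing in for $_GET.
$page   = pageNumber(['page' => '1 OR 1=1']);   // -> 1; the hostile value never reaches SQL
$titles = searchTitles($db, "O'", $page);        // matches "O'Reilly books" without breaking the query

foreach ($titles as $title) {
    // 3. htmlentities() belongs here, when the value is written into HTML (XSS), not before SQL.
    echo htmlentities($title, ENT_QUOTES, 'UTF-8'), "\n";
}
```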