I'm setting up a comments system on a site, with the comments stored
in a MySQL database. To prevent SQL injection, I run
mysql_real_escape_string() on ingoing data. This should be enough to
protect the database (tell me if otherwise), but I'd like to prevent
people from posting JavaScript and
-Original Message-
From: Dotan Cohen [mailto:[EMAIL PROTECTED]
Sent: Monday, November 06, 2006 3:24 PM
I'm setting up a comments system on a site, with the comments stored
in a MySQL database. To prevent SQL injection, I run
mysql_real_escape_string() on ingoing data. This should