Re: [PHP] advice on sql injection/XSS prevention

2007-04-10 Thread Richard Lynch
If you know you are using MySQL, you could pass all database input through mysql_real_escape_string. Or you could use prepared statements and not have to worry about escaping the data, as MySQL *knows* it's data. You'll probably not be able to defeat XSS in any meaningful way, however... Perhap

Re: [PHP] advice on sql injection/XSS prevention

2007-04-06 Thread Jordan Forssman
little effort -- no installation required. From: Zoltán Németh <[EMAIL PROTECTED]> To: Bing Du <[EMAIL PROTECTED]> CC: php-general@lists.php.net Subject: Re: [PHP] advice on sql injection/XSS prevention Date: Thu, 05 Apr 2007 16:23:23 +0200 I think it is generally a Bad Idea to allow

Re: [PHP] advice on sql injection/XSS prevention

2007-04-05 Thread Zoltán Németh
I think it is generally a Bad Idea to allow users to submit code into your system... you would be better off if you would provide some pseudo-coding possibilities which would allow them to insert certain functionalities into their content - with you providing the real code running behind and replac

[PHP] advice on sql injection/XSS prevention

2007-04-05 Thread Bing Du
Hi, I'm not an experienced PHP developer. We're hosting a content management system that allows authorized people to add PHP contents. Their PHP coding levels vary. Some are very security sensitive, but some are not. I want to know if PHP has any ready-to-use function to validate form input to