Dave G wrote:
If that text is not properly validated and escaped, you could
be open to SQL Injection attacks
>
I'm less clear on what "properly escaped" means. I thought
escaping was a matter of putting slashes before special characters, so
that their presence doesn't confuse the SQL queri
John,
> If that text is not properly validated and escaped, you could
> be open to SQL Injection attacks
>...
> you could be open to Cross Site Scripting attacks
After reading your response, I looked the web to determine what
you meant by "properly validated and escaped".
From wh
From: "Dave G" <[EMAIL PROTECTED]>
> I almost exclusively use PHP
> to draw from data held within a MySQL database on the same server. I do
> not allow users to upload files. I suppose the most that I allow users
> to do is input some information like email addresses, user names and
> passwords.
3 matches
Mail list logo