Dave G wrote:
If that text is not properly validated and escaped, you could
be open to SQL Injection attacks
I'm less clear on what properly escaped means. I thought
escaping was a matter of putting slashes before special characters, so
that their presence doesn't confuse the SQL queries
John,
If that text is not properly validated and escaped, you could
be open to SQL Injection attacks
...
you could be open to Cross Site Scripting attacks
After reading your response, I looked on the web to determine what
you meant by properly validated and escaped.
From what I
From: Dave G [EMAIL PROTECTED]
I almost exclusively use PHP
to draw from data held within a MySQL database on the same server. I do
not allow users to upload files. I suppose the most that I allow users
to do is input some information like email addresses, user names and
passwords. But it
3 matches