On Thu, 14 Aug 2003, Steven Brown wrote: > I found an example of passing unvalidated input into a SQL query, I > didn't say it would lead to an exploit. The point was, yes, even you > guys make this mistake. It's not a "Well, you should have learned to > write secure code" type of issue. Everyone makes this mistake > occasionally.
Unvalidated in what sense? We don't validate for multiple queries because we have no need to do so. -Rasmus -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
