Hello Steven,

Friday, August 15, 2003, 8:54:53 AM, you wrote:

SB> Btw, it's also never adequate validation to let users inject their own
SB> SQL, even in a SELECT. They might add impossibly complex stuff to the
SB> where clause and cause your database to wedge for days, or add a 'or 1 =
SB> 1' to bypass security checks for information.

This can only happen by programmers who don't care at all. You should at least use a quoting function for your SQL generation and then - oops - you're already done. The original cause was easy but Rasmus already ensured with the input filters that security can be kept in every scenario.

--
Best regards,
 Marcus mailto:[EMAIL PROTECTED]

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
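
The `'or 1 = 1'` case and the quoting function discussed in this thread, as an added example that is not part of the original messages: the same lookup built by plain string concatenation, with a quoting function, and with a bound parameter. Python with an in-memory SQLite database is used here only so the example runs offline; the `notes` table, its rows and all function names are constructed for illustration, and `quote_literal` implements SQLite's string-literal rule only.

```python
import sqlite3

def make_db():
    # Constructed sample data: two rows owned by alice, one by bob.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
    db.executemany(
        "INSERT INTO notes VALUES (?, ?)",
        [("alice", "alice-1"), ("alice", "alice-2"), ("bob", "bob-secret")],
    )
    return db

def notes_concatenated(db, owner, pattern):
    # Vulnerable form: the user-supplied pattern becomes part of the SQL text,
    # so a quote character in it ends the literal and the rest is parsed as SQL.
    sql = ("SELECT body FROM notes WHERE owner = '" + owner +
           "' AND body LIKE '" + pattern + "'")
    return [row[0] for row in db.execute(sql)]

def quote_literal(value):
    # Hypothetical quoting helper: in SQLite a single quote inside a string
    # literal is written as two single quotes. Other databases have other rules.
    return "'" + value.replace("'", "''") + "'"

def notes_quoted(db, owner, pattern):
    # Same query, but every user value passes through the quoting function.
    sql = ("SELECT body FROM notes WHERE owner = " + quote_literal(owner) +
           " AND body LIKE " + quote_literal(pattern))
    return [row[0] for row in db.execute(sql)]

def notes_bound(db, owner, pattern):
    # Bound parameters: the values never enter the SQL text at all.
    sql = "SELECT body FROM notes WHERE owner = ? AND body LIKE ?"
    return [row[0] for row in db.execute(sql, (owner, pattern))]

if __name__ == "__main__":
    db = make_db()
    crafted = "x' or 1 = 1 --"  # constructed input of the kind quoted above
    # AND binds tighter than OR, so the owner check no longer restricts rows.
    print("concatenated:", notes_concatenated(db, "alice", crafted))
    print("quoted:      ", notes_quoted(db, "alice", crafted))
    print("bound:       ", notes_bound(db, "alice", crafted))
    print("bound, normal pattern:", notes_bound(db, "alice", "alice-%"))
```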