On Sun, 21 Mar 2004 13:49:22 -0800, Chris Shiflett wrote:
>
> To be clear: make sure the data that the user submitted only contains the
> characters you think are valid (don't bother trying to guess malicious
> characters - you're sure to miss one) and is a valid length. Once you've
> done this, and your design helps you to make sure that this step can't be
> bypassed by the user, you're protected against SQL injection.
>
Or even better: Use only prepared statements.

--
Hilsen/Regards
Michael Rasmussen
--------------------------------------------------------------
Be cheerful while you are alive.
-- Phathotep, 24th Century B.C.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
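
Added example, not part of the original message or thread: the two defences discussed above (an allow-list check on characters and length, and a prepared statement) shown together in PHP. It assumes the PDO extension with the SQLite driver so it runs offline; the `users` table, the username rule and the function names are hypothetical, and the inputs are constructed.

```php
<?php
// Added example: hypothetical table, rule and function names.
// Assumes pdo_sqlite is available; uses an in-memory database.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$db->exec("INSERT INTO users (name, email) VALUES
           ('alice', 'alice@example.com'), ('bob', 'bob@example.com')");

// Allow-list validation: accept only the characters we expect, within a
// bounded length. \A and \z anchor the whole string, so a trailing newline
// is rejected too (a plain $ would let it through).
function valid_username(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $name) === 1;
}

// Prepared statement: the SQL text is fixed at prepare() time and the value
// is bound as data, so quotes in $name cannot change the query structure.
function find_user(PDO $db, string $name): ?array
{
    $stmt = $db->prepare('SELECT id, name, email FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a normal name, a quote-bearing string, an over-long one.
$inputs = ['alice', "alice' OR '1'='1", str_repeat('a', 40)];

foreach ($inputs as $input) {
    $valid = valid_username($input);
    // The lookup runs even for rejected input here, only to show that the
    // bound parameter is compared as a literal string and matches nothing.
    $row = find_user($db, $input);
    printf(
        "%s valid=%s match=%s\n",
        json_encode($input),
        $valid ? 'yes' : 'no',
        $row === null ? 'none' : $row['name']
    );
}
```

In application code the validation result would gate the request (reject before querying), with the prepared statement remaining in place for every query regardless.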