just a question, what is the best way to sanitize your scripts when you're using $_GET or $_REQUEST in a query?
eg, i usually just do:
if(is_numeric($_REQUEST['id']))
{
mysql_query("SELECT id FROM table WHERE
id=".intval($_REQUEST['id'])."");
}
what about when the GET is text? just use htmlspecialchars?
just looking for some advice to help keep my apps secure.
cheers
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
