Thx a lot -----Oorspronkelijk bericht----- Van: Dave Goodchild [mailto:[EMAIL PROTECTED] Verzonden: maandag 11 september 2006 14:10 Aan: Reinhart Viane CC: php-general@lists.php.net Onderwerp: Re: [PHP] does magic_quotes_gpc prevents sql injection through forms?
Yes. Always treat incoming data as if it were tainted. How rigorous you are is up to you, but check for required fields, then validate them (type, size etc) and finally escape before database entry. > > http://www.projectkarma.co.uk > > -- http://www.web-buddha.co.uk http://www.projectkarma.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
