Injections only work on sloppy code. If you are using globals you are asking for injections. Turn your globals off, use $_POST[var_name] and filter all user input.
Just my opinion, I am sure some will disagree. Richard L. Buskirk ## Show me a man with no fear, I will point out the date on his tomb stone. ## >Hi! > >I've been trying Nessus to search for sql injections and other >security >issues. I'm quite sure Nessus is missing a lot of possible sql >injections (and maybe other stuff too). Are there any other tools that >I >can install on my server that searches a bit more carefully? What do >you >use and why? > >Any other good security tools for LAMP that one should know of? > >Kind Regards Emil -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
