Please CC me as I'm on digest:
------------------------------

Are there any libraries for data validation available? If one reads
papers like these:

        http://www.nextgenss.com/papers/advanced_sql_injection.pdf
        http://www.nextgenss.com/papers/more_advanced_sql_injection.pdf

It becomes apparent that sites using databases are incredibly open to
attack because of the ingenuity of the attackers. I think there should
be a PHPGuardLib or something. After reading those articles, I plan on
filtering ALL input for semi-colons and 'chr(' character strings. In
the cases where I want to accept apostrophes, I'm going to be very
careful.

Also, are there any attacks to email programs on linux that can be done
through input forms?

PS, for those who think escaping user input only on apostrophes, THINK
AGAIN! And read the articles above.
-- 

If You want to buy computer parts, see the reviews at:
http://www.cnet.com/
**OR EVEN BETTER COMPILATIONS**!!
http://sysopt.earthweb.com/userreviews/products/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
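
An added example, not part of the original post: a deny-list for ';' and 'chr(' beside allow-list validation with bound parameters, for the kind of database input the post is concerned with. The table, the helper names and the sample inputs are constructed for illustration; it assumes PHP with the PDO SQLite driver.

```php
<?php
// Added example: constructed schema and inputs, in-memory SQLite via PDO.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('o''brien')");

// Deny-list filter of the kind planned in the post (hypothetical helper).
function denylist_ok(string $in): bool {
    return strpos($in, ';') === false && stripos($in, 'chr(') === false;
}

// Allow-list validation: accept only what the field is supposed to hold,
// here a positive integer id. Anything else is rejected outright.
function valid_id(string $in): ?int {
    $id = filter_var($in, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Numeric lookup: validated, then bound as a parameter, never concatenated.
function find_by_id(PDO $db, string $raw): array {
    $id = valid_id($raw);
    if ($id === null) {
        return [];
    }
    $st = $db->prepare('SELECT name FROM users WHERE id = :id');
    $st->bindValue(':id', $id, PDO::PARAM_INT);
    $st->execute();
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

// Free-text lookup: apostrophes are accepted as data because the value
// travels separately from the SQL text.
function find_by_name(PDO $db, string $name): array {
    $st = $db->prepare('SELECT id FROM users WHERE name = :name');
    $st->execute([':name' => $name]);
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed probe: no apostrophe, no ';', no 'chr(', yet not a valid id.
$probe = '1 OR 1=1';
echo 'deny-list accepts probe: ', var_export(denylist_ok($probe), true), "\n";
echo 'rows for probe:          ', json_encode(find_by_id($db, $probe)), "\n";
echo 'rows for id 2:           ', json_encode(find_by_id($db, '2')), "\n";
echo "rows for name o'brien:   ", json_encode(find_by_name($db, "o'brien")), "\n";
```

The deny-list has no opinion on the probe because it only looks for specific substrings; the allow-list and the bound parameter do not depend on guessing which characters matter.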