Chris Shiflett wrote:
Yes, that's it.
I know this may sound like a huge hassle compared to a nice
one-size-fits-all data filtering function, but I personally would never
rely on myself to be able to predict all of the different types of attacks
that people will come up with. There are many people
--- Phillip Jackson <[EMAIL PROTECTED]> wrote:
> > Personally, I think this is a bad approach, regardless of how
> > well it is implemented. I think you will give yourself a false
> > sense of security.
>
> What, then, do you yourself do in such an application requiring a
> response from the user
> Personally, I think this is a bad approach, regardless of how well it is
> implemented. I think you will give yourself a false sense of security.
What, then, do you yourself do in such an application requiring a response
from the user to massage the data? Reject all input that doesn't conform to
Great point about the array; to make the script more portable I will most
definitely detect magic quotes.
"Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Phillip Jackson wrote:
> >
> > function escape(){
> > while (list($key, $value) = each($_POST)) {
> > $value
Phillip Jackson wrote:
function escape(){
    // Walk every field submitted via POST.
    while (list($key, $value) = each($_POST)) {
        // Escape the value for use in a MySQL query and strip surrounding whitespace.
        $value = trim(mysql_escape_string($value));
        // Mimic register_globals: expose the field as a global variable named after its key.
        global $$key;
        $$key = $value;
    }
}
1. The function does not detect whether magic_quotes_gpc is on; POST vars
would then be double escaped.
2. $value might be an arr
--- Phillip Jackson <[EMAIL PROTECTED]> wrote:
> I have developed my own "register globals" function that mimics
> the action of register globals, but only for $_POST... I do this
> to ensure that all incoming communication is escaped for use in
> scripts to account for, and to avoid, SQL injection
I have developed my own "register globals" function that mimics the action
of register globals, but only for $_POST... I do this to ensure that all
incoming communication is escaped for use in scripts to account for, and to
avoid, SQL injection. Below is the code... any suggestions would be welcom