On May 25, 2007, at 10:44 AM, Darren Whitlen wrote:
Jared Farrish wrote:
On 5/25/07, Jason Pruim <[EMAIL PROTECTED]> wrote:
I apologize for posting the entire add script, but I wasn't sure what
was needed to check if I was doing it right or not. I figured in this
case it was better to g
Jared Farrish wrote:
On 5/25/07, Jason Pruim <[EMAIL PROTECTED]> wrote:
I apologize for posting the entire add script, but I wasn't sure what
was needed to check if I was doing it right or not. I figured in this
case it was better to give too much info rather than not enough. My
big main goal is
On 5/25/07, Jason Pruim <[EMAIL PROTECTED]> wrote:
I apologize for posting the entire add script, but I wasn't sure what
was needed to check if I was doing it right or not. I figured in this
case it was better to give too much info rather than not enough. My
big main goal is to make this bit of s
On May 25, 2007, at 8:47 AM, Jochem Maas wrote:
check this, check that.
granted the OP posted quite a bit of irrelevant code with regard to
SQL injection protection. BUT his use of parameterized queries should protect
against injection because MySQL knows what to do with the data (i.e. esc
check this, check that.
granted the OP posted quite a bit of irrelevant code with regard to
SQL injection protection. BUT his use of parameterized queries should protect
against injection because MySQL knows what to do with the data (i.e. escape it),
which only leaves the question as to whether th
Also, you should be checking against type (expecting a number? a boolean
value? a string?) and then checking against expected length requirements
(such as firstname can only be 80 characters long max, so maybe check for
if (strlen($var) > 80) {
do something;
}
In unit testing, you build you
Jason Pruim wrote:
Hi Everyone,
I think I have found a way to prevent SQL code injection into my database
and just wanted to get everyone's comments on my method.
if (!isset($_POST['FName']) || empty($_POST['FName'])) $errmsg
.="Please enter your name";
if (!isset($_POST['LName']) || empty($_P
I'm not sure exactly what kind of sanitization you think you're doing, but
if all you do is check to see if it's empty (empty() implements isset(),
empty() checks to see if it's set, then if it evaluates to an empty
variable), that's not much sanitization.
What you need to do is check for SQL inj