--- Richard Lynch <[EMAIL PROTECTED]> wrote:
> What regular expression does one use when there really isn't a
> whole lot you can say about the text?...
>
> I mean, say for a guestbook or bulletin board or for a person's
> Bio or...
>
> You can limit it to a certain number of characters in length
> what about when the GET is text? just use htmlspecialchars?
> just looking for some advice to help keep my apps secure.
What regular expression does one use when there really isn't a whole lot
you can say about the text?...
I mean, say for a guestbook or bulletin board or for a person's Bio or.
Matthew Weier O'Phinney wrote:
> * Sebastian <[EMAIL PROTECTED]>:
>> just a question, what is the best way to sanitize your scripts when
>> you're
>> using $_GET or $_REQUEST in a query?
>>
>> e.g., I usually just do:
>>
>> if(is_numeric($_REQUEST['id']))
>> {
>> mysql_query("SELECT id FROM table
* Sebastian <[EMAIL PROTECTED]>:
> just a question, what is the best way to sanitize your scripts when you're
> using $_GET or $_REQUEST in a query?
>
> e.g., I usually just do:
>
> if(is_numeric($_REQUEST['id']))
> {
> mysql_query("SELECT id FROM table WHERE
> id=".intval($_REQUEST['id'])."");
>
mysql_escape_string() is what you're looking for.
Jed
Sebastian wrote:
just a question, what is the best way to sanitize your scripts when you're
using $_GET or $_REQUEST in a query?
e.g., I usually just do:
if(is_numeric($_REQUEST['id']))
{
mysql_query("SELECT id FROM table WHERE
id=".intval($_R