On Mon, Feb 27, 2006 at 12:20:51PM +0100, [EMAIL PROTECTED] wrote:
>
> Hi,
>
> What shall one do to avoid people that trys to manipulate my server?
>
> I mysql_real_escape_string() all input from GET and POST.
The mysql_escape_string() will protect you from sql injections, the
thing you have to
Hi,
What shall one do to avoid people that trys to manipulate my server?
I mysql_real_escape_string() all input from GET and POST.
A long time ago I think I used addslashes or something like that
too, so people couldn't insert php code in their input. Is that
still something I should do, or d
On 2/27/06 6:20 AM, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
> When users input is displayed for others then themself I try to filter out
> html tags too.
I type cast all relevant variables before processing them as one last check.
Type casting forces the variable to be of the type you e
Hi,
What shall one do to avoid people that trys to manipulate my server?
I mysql_real_escape_string() all input from GET and POST.
A long time ago I think I used addslashes or something like that too, so people
couldn't insert php code in their input. Is that still something I should do,
or d
4 matches
Mail list logo
