Re: [PHP] SQL Injections

2003-11-07 Thread - Edwin -
Just to add...
On 2003.11.8, at 00:04 Asia/Tokyo, Chris Shiflett wrote:
> --- Shaun <[EMAIL PROTECTED]> wrote:
> > does anyone know of a function I can include in my scripts to ensure all $_POST values sent from a page don't include any SQL?
> It's only important that the data sent from the client will

Re: [PHP] SQL Injections

2003-11-07 Thread Chris Shiflett
--- Shaun <[EMAIL PROTECTED]> wrote:
> does anyone know of a function I can include in my scripts to ensure all
> $_POST values sent from a page don't include any SQL?
It's only important that the data sent from the client will not be executed by your database. Depending on which database you use,

Re: [PHP] SQL Injections

2003-11-07 Thread Marek Kilimajer
If you delete all reserved words from a string then this sentence would become:
you reserved words a this sentence would become :)
You want to ensure the incoming variables are not INTERPRETED as SQL. Properly escape and quote the input.
Shaun wrote:
> Hi, does anyone know of a function I can

Re: [PHP] SQL Injections

2003-11-07 Thread Eugene Lee
On Fri, Nov 07, 2003 at 09:43:20AM -, Shaun wrote:
:
: does anyone know of a function I can include in my scripts to ensure all
: $_POST values sent from a page don't include any SQL?
If you're using MySQL, look at mysql_escape_string().

Re: [PHP] SQL Injections

2003-11-07 Thread Burhan Khalid
Shaun wrote:
> Hi, does anyone know of a function I can include in my scripts to ensure all $_POST values sent from a page don't include any SQL?
preg_match_all()
--
Burhan Khalid
phplist[at]meidomus[dot]com
http://www.meidomus.com
---
"Documentation is like sex: when it is good