If you know you are using MySQL, you could pass all database input
through mysql_real_escape_string.
Or you could use prepared statements and not have to worry about
escaping the data, as MySQL *knows* it's data.
You'll probably not be able to defeat XSS in any meaningful way,
however...
Perhap
little effort -- no installation required.
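The contrast the reply above draws between escaping and prepared statements, as an added example that is not part of the original thread. It uses PDO with an in-memory SQLite database (schema, rows and the hostile input are all constructed here) so it runs offline; the same `prepare()`/`execute()` calls apply unchanged to a MySQL DSN. Note that the `mysql_*` functions discussed in the thread were removed in PHP 7, so mysqli or PDO is what you would use today.

```php
<?php
// Added example, not code from the thread: string concatenation versus a
// prepared statement. PDO with an in-memory SQLite database so it runs
// offline; the table and rows below are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)');
$db->exec("INSERT INTO users (name, secret) VALUES ('alice', 's3cr3t'), ('bob', 'hunter2')");

// Hostile input: closes the string literal and appends a tautology.
$input = "nobody' OR '1'='1";

// 1. Vulnerable: the input is pasted into the SQL text, so the quote ends the
//    literal and the rest of the input is parsed as part of the query.
$unsafe = "SELECT name FROM users WHERE name = '$input'";
$rows = $db->query($unsafe)->fetchAll(PDO::FETCH_COLUMN);
echo "concatenated: " . implode(',', $rows) . "\n";

// 2. Prepared statement: the SQL text is fixed ("?" is a placeholder) and the
//    value is sent separately, so the quote is just a character in the data.
$stmt = $db->prepare('SELECT name FROM users WHERE name = ?');
$stmt->execute([$input]);
$rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
echo "prepared: " . implode(',', $rows) . "\n";

// Sanity check: the parameter still matches an exact name.
$stmt->execute(['alice']);
echo "prepared, exact: " . implode(',', $stmt->fetchAll(PDO::FETCH_COLUMN)) . "\n";
```

Run it with `php example.php`: the concatenated query returns both users (the `OR '1'='1'` became part of the WHERE clause), the prepared statement returns no rows for the hostile input and exactly `alice` for the real name. One caveat for MySQL: PDO's MySQL driver emulates prepares client-side by default, which still quotes values correctly but does not let the server see the parameters; set `PDO::ATTR_EMULATE_PREPARES` to `false` if you want true server-side prepared statements.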
From: Zoltán Németh <[EMAIL PROTECTED]>
To: Bing Du <[EMAIL PROTECTED]>
CC: php-general@lists.php.net
Subject: Re: [PHP] advice on sql injection/XSS prevention
Date: Thu, 05 Apr 2007 16:23:23 +0200
I think it is generally a Bad Idea to allow users to submit code into
your system...
you would be better off if you would provide some pseudo-coding
possibilities which would allow them to insert certain functionalities
into their content - with you providing the real code running behind and
replac
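One way to do the "pseudo-coding" the reply above suggests, as an added example that is not from the thread: user content may contain a few whitelisted placeholders, each backed by server-side code, and everything else is HTML-escaped. The placeholder syntax (`{{name}}`), the handler names and the sample submission are assumptions made for illustration; the example needs PHP 7.4 or later for the arrow functions.

```php
<?php
// Added example, not code from the thread: restricted placeholder expansion
// instead of letting users submit code. Placeholder names and sample content
// are assumed for illustration.

function renderUserContent(string $content, array $context): string
{
    // Only these names are recognised; each maps to code we control.
    $handlers = [
        'date'     => fn(array $ctx): string => gmdate('Y-m-d', $ctx['now']),
        'username' => fn(array $ctx): string => $ctx['username'],
    ];

    // Escape the whole submission first, so user text (including anything
    // that looks like HTML or script) can only ever appear as literal text.
    // Braces are not touched by htmlspecialchars, so placeholders survive.
    $escaped = htmlspecialchars($content, ENT_QUOTES | ENT_HTML5, 'UTF-8');

    // Then expand known placeholders. Unknown ones stay as escaped text.
    return preg_replace_callback(
        '/\{\{([a-z_]+)\}\}/',
        function (array $m) use ($handlers, $context): string {
            if (!isset($handlers[$m[1]])) {
                return $m[0];
            }
            $value = $handlers[$m[1]]($context);
            // Handler output is escaped too, so a placeholder cannot become
            // a way to smuggle markup in via the context values.
            return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        },
        $escaped
    );
}

// Constructed sample: a legitimate placeholder, a script tag, and an
// unknown placeholder that must not do anything.
$submitted = 'Hi {{username}}, today is {{date}}. <script>alert(1)</script> {{eval}}';
echo renderUserContent($submitted, ['now' => 1175783003, 'username' => 'Bing <b>Du</b>']), "\n";
```

The script tag and the `<b>` in the context value come out as `&lt;script&gt;...` and `&lt;b&gt;...`, `{{eval}}` is left as inert text, and only `{{username}}` and `{{date}}` are replaced. The order matters: escaping before expansion means the user never gets to write markup, and escaping the handler output means the whitelist cannot be bypassed through the data the handlers read.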