Hello Adrian, Am 10:53 2003-07-19 +0200 hat Adrian Tineo geschrieben: >What I do is verify all user input ($_GET and $_POST array) and not allow >certain characters, most importantly ";". If they can't put a ";" they can't >close a query and they can't do SQL injection. How do you do that ? With a Java-Script in the WebPage ? or On the Server-Side ? I think, we must use all two, the first one to prevent to much work on the Server-Side and the second one if someone hack the input field or use Commandline to access the URL. Hmm, have no clue how to check it with Java-Script... Does anyone have a small GPL'ed code for it ? (I do not code Java-Script) Thanks Michelle
