Hi, look for escapeshellcmd(). It is another good function to minimize the security risks. http://in2.php.net/escapeshellcmd Zaeeef ahmed >-----Original Message----- >From: Mark-Walter@xxxxxxxxxxx [mailto:Mark-Walter@xxxxxxxxxxx] >Sent: Thursday, November 04, 2004 3:55 AM >To: php-general@xxxxxxxxxxxxx >Subject: SQL-Injection, XSS and Hijacking >Hi, >I read now quite a lot of articles about SQL-Injection, >XSS and session hijacking in a hopefully appropriate way. >As I understand the function addslashes(),quote_meta() >and mysql_real_escape_string() are to avoid SQL Injection >e.g. in order to use page_sliding with entered POST data >over forms with $_REQUEST parameters, while strip_tags(), >htmlentities() and utf8_decode() is useful to have a >clean output within the browser by not having arbitrary >code within. >For a session authentication PEAR::Auth is used. >I just wanted to ask if there's more to take care of. >-- >Best Regards, >Mark ------------------------------------------------------------------------ -- Zareef Ahmed :: A PHP develoepr in Delhi ( India ) Homepage :: http://www.zasaifi.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
