Hi, What shall one do to avoid people that trys to manipulate my server? I mysql_real_escape_string() all input from GET and POST. A long time ago I think I used addslashes or something like that too, so people couldn't insert php code in their input. Is that still something I should do, or does mysql_real_escape_string() take care of that too? And is it even possible for a user to execute there own php code if I not output the input via the eval() function? When users input is displayed for others then themself I try to filter out html tags too. Anything else I should think of? Sorry if this has been asked a million times before. Thanks for your time /Regards Emil -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
