Re: does magic_quotes_gpc prevents sql injection through forms?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "Reinhart Viane" <rv@xxxxxxxx>
Subject: Re: does magic_quotes_gpc prevents sql injection through forms?
From: "Dave Goodchild" <buddhamagnet@xxxxxxxxx>
Date: Mon, 11 Sep 2006 13:10:22 +0100
Authentication-results: pb1.pair.com header.from=buddhamagnet@xxxxxxxxx; domainkeys=bad
Authentication-results: pb1.pair.com smtp.mail=buddhamagnet@xxxxxxxxx; spf=pass; sender-id=pass
Authentication-results: pb1.pair.com header.from=buddhamagnet@xxxxxxxxx; sender-id=pass; domainkeys=good
Cc: php-general@xxxxxxxxxxxxx
In-reply-to: <20060911120852.6AC2BD419A@xxxxxxxxxxxxxxxxxxx>
References: <2c361d270609110403nfa561f5l81e07a0b425076dc@xxxxxxxxxxxxxx> <20060911120852.6AC2BD419A@xxxxxxxxxxxxxxxxxxx>

Yes. Always treat incoming data as if it were tainted. How rigorous you are
is up to you, but check for required fields, then validate them (type, size
etc) and finally escape before database entry.


http://www.projectkarma.co.uk



--
http://www.web-buddha.co.uk
http://www.projectkarma.co.uk

Follow-Ups:
- RE: does magic_quotes_gpc prevents sql injection through forms?(SOLVED)
  - From: Reinhart Viane

References:
- Re: does magic_quotes_gpc prevents sql injection through forms?
  - From: Dave Goodchild
- RE: does magic_quotes_gpc prevents sql injection through forms?
  - From: Reinhart Viane

Prev by Date: RE: does magic_quotes_gpc prevents sql injection through forms?
Next by Date: RE: does magic_quotes_gpc prevents sql injection through forms?(SOLVED)
Previous by thread: RE: does magic_quotes_gpc prevents sql injection through forms?
Next by thread: RE: does magic_quotes_gpc prevents sql injection through forms?(SOLVED)
Index(es):
- Date
- Thread

[Index of Archives] [PHP Home] [Apache Users] [PHP on Windows] [Kernel Newbies] [PHP Install] [PHP Classes] [Pear] [Postgresql] [Postgresql PHP] [PHP on Windows] [PHP Database Programming] [PHP SOAP]