Re: does magic_quotes_gpc prevents sql injection through forms?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Yes. Always treat incoming data as if it were tainted. How rigorous you are
is up to you, but check for required fields, then validate them (type, size
etc) and finally escape before database entry.


http://www.projectkarma.co.uk




--
http://www.web-buddha.co.uk
http://www.projectkarma.co.uk

[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux