On Fri, April 20, 2007 8:08 pm, Dotan Cohen wrote:
> I've got a comments form that I'd like to harden against SQL Injection
> / XSS attacks. The data is stored in UTF-8 in a mysql database. I
> currently parse the data as such:
> After seeing this:
> http://ha.ckers.org/xss.html
> and another similar one for SQL injection, I'm worried that my filters
> are not enough. What do the pro php programmers out there use?

http://phpsec.org

For MySQL:
http://mysql_real_escape_string

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
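For the comments form discussed in this thread, an added example (not code from either poster) that keeps the two controls separate: bound parameters when storing the comment, and HTML escaping when displaying it. It assumes PHP with the pdo_sqlite and mbstring extensions and uses an in-memory SQLite database so it runs offline; the table name, function names and sample comments are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite via PDO so the script runs without a server. For MySQL,
// use a DSN such as "mysql:host=...;dbname=...;charset=utf8mb4" with the same statements.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Store a comment. Values travel as bound parameters, never as part of the SQL text,
// so quotes and comment markers in the input stay data.
function save_comment(PDO $pdo, string $author, string $body): bool
{
    // Refuse byte sequences that are not valid UTF-8 before they reach the database.
    if (!mb_check_encoding($author, 'UTF-8') || !mb_check_encoding($body, 'UTF-8')) {
        return false;
    }
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    return $stmt->execute([':author' => $author, ':body' => $body]);
}

// Render stored comments. Escaping is applied on output, for the HTML context,
// with the charset stated explicitly to match the stored data.
function render_comments(PDO $pdo): string
{
    $html = '';
    foreach ($pdo->query('SELECT author, body FROM comments ORDER BY id') as $row) {
        $author = htmlspecialchars($row['author'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $body   = htmlspecialchars($row['body'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html  .= "<p><strong>{$author}</strong>: " . nl2br($body) . "</p>\n";
    }
    return $html;
}

// Constructed sample input: SQL metacharacters, markup, and an invalid UTF-8 byte pair.
save_comment($pdo, "O'Brien", "Nice post'); DROP TABLE comments; --");
save_comment($pdo, 'visitor', '<script>alert(1)</script> & "quotes"');

// The third comment contains the invalid sequence C3 28 and is refused.
var_dump(save_comment($pdo, 'bad', "broken \xC3\x28 bytes"));

// Both stored comments come back as inert text inside the paragraph markup.
echo render_comments($pdo);
```

The stored rows keep the visitor's original text; only the rendering step changes it, so the same data can later be escaped differently for another output context.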