On May 25, 2007, at 8:47 AM, Jochem Maas wrote:
check this, check that.
Granted, the OP posted quite a bit of irrelevant code with regard to SQL injection protection. BUT his use of parameterized queries should protect against injection because MySQL knows what to do with the data (i.e. escape it), which only leaves the question as to whether the character encoding is correctly set up so that nothing funky can get through (although I believe an article by Chris Shiflett pointed out a situation where even if you got everything right it was possible to do SQL injection in some edge cases by submitting specific 'broken' strings).
I apologize for posting the entire add script, but I wasn't sure what was needed to check if I was doing it right or not. I figured in this case it was better to give too much info rather than not enough. My big main goal is to make this bit of software as secure/safe as possible.

I will double check the character encoding, which would be done on the database, correct?

Now if only I could get a check box to show up so I can delete multiple people at one time :) But I'm still learning about that.

Thanks for looking! I really appreciate it!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
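As an added example (not code from the thread or from the OP's script), this is how the two points above fit together in PHP with PDO: the character encoding is declared on the connection so client and server agree on it, emulated prepares are turned off so the MySQL server itself binds the parameters, and the multi-delete the OP is working toward uses one placeholder per id. The database name, account, table `people(id, name, email)` and connection values are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed connection values (placeholders, not from the thread).
$host     = 'localhost';
$dbname   = 'app';
$user     = 'app_user';
$password = 'change-me';

// The charset goes in the DSN so the client library tells MySQL how the
// parameters and results are encoded from the first packet onward.
$dsn = "mysql:host={$host};dbname={$dbname};charset=utf8mb4";

$pdo = new PDO($dsn, $user, $password, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    // With emulation off, statement text and parameter values travel to the
    // server separately; the data never becomes part of the SQL text.
    PDO::ATTR_EMULATE_PREPARES   => false,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

// Weak pattern for comparison (do not use): concatenation places the
// input inside the SQL string, so nothing separates data from syntax.
// $pdo->query("INSERT INTO people (name, email) VALUES ('$name', '$email')");

// Insert one person through a parameterized query (hypothetical table).
function addPerson(PDO $pdo, string $name, string $email): int
{
    $stmt = $pdo->prepare('INSERT INTO people (name, email) VALUES (:name, :email)');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

// Delete several people at once: one "?" per id, each bound as an integer,
// rather than imploding raw ids into the statement. Returns rows deleted.
function deletePeople(PDO $pdo, array $ids): int
{
    if ($ids === []) {
        return 0;
    }
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $pdo->prepare("DELETE FROM people WHERE id IN ({$placeholders})");
    foreach (array_values($ids) as $i => $id) {
        $stmt->bindValue($i + 1, (int) $id, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->rowCount();
}
```

The connection charset covers what travels over the wire; the table and column collation on the database side still need to match it so stored data is interpreted consistently.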