In article <1083608854.20070704223909@xxxxxxxxxxxxx>
rich@xxxxxxxxxxxxx (Richard Davey) wrote:

> I actually agree with you about Ilia's book, it is the best of the
> three available (the Pro PHP Security one is certainly the worst),
> although there are areas where even Ilia basically shrugs his
> shoulders in the text and says "you can never have it 100%" and
> sort of gives up on you :)
>
> All three books are now well behind the times though imho.
>

Indeed, in fact I think Ilia's slides for this year's PHPtek make a great kind companion to the book. It would be great if he merged the slides and book into a second edition.

Although in his slides he mentions that mysql_real_escape_string can be attacked with multibyte characters, but it looks like that hasn't been the case for a while. Not that I am really complaining about that, I prefer prepared statements and would use them all the time if it wasn't for the fact that those queries aren't cached until recent versions of MySQL 5.1.

Anyway, I'm rambling now ;)

--
Andrew Hutchings - LinuxJedi - http://www.linuxjedi.co.uk/
Windows is the path to the darkside...Windows leads to Blue Screen. Blue Screen leads to downtime. Downtime leads to suffering...I sense much Windows in you...

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php