Re: Re[4]: Re: php security books


 



In article <1083608854.20070704223909@xxxxxxxxxxxxx>
rich@xxxxxxxxxxxxx(Richard Davey) wrote:


>  I actually agree with you about Ilia's book, it is the best of the
> three available (the Pro PHP Security one is certainly the worst),
> although there are areas where even Ilia basically shrugs his
> shoulders in the text and says "you can never have it 100%" and
> sort of gives up on you :)
>  
>  All three books are now well behind the times though imho.
>  

Indeed, in fact I think Ilia's slides for this year's PHPtek make a
great kind of companion to the book.  It would be great if he merged the
slides and book into a second edition.  
Although in his slides he mentions that mysql_real_escape_string can
be attacked with multibyte characters, but it looks like that hasn't
been the case for a while.  Not that I am really complaining about
that, I prefer prepared statements and would use them all the time if
it wasn't for the fact that those queries aren't cached until recent
versions of MySQL 5.1.
Anyway, I'm rambling now ;)

-- 
Andrew Hutchings - LinuxJedi - http://www.linuxjedi.co.uk/
Windows is the path to the darkside...Windows leads to Blue Screen. Blue Screen leads to downtime. Downtime leads to suffering...I sense much Windows in you...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

