Thanks. Sure, I know how to escape and filter the input.. But since not
all my sites use PDO yet, and I use some external code it would be a
good idea to also use an sql injection scanner.
Emil
admin@xxxxxxxxxxxxxxxxxxx wrote:
Injections only work on sloppy code.
If you are using globals you are asking for injections. Turn your globals off, use $_POST[var_name] and filter all user input.
Just my opinion, I am sure some will disagree.
Richard L. Buskirk
## Show me a man with no fear, I will point out the date on his tomb stone. ##
--
Hälsningar Emil Edeholt
Karlsson & Novak Medical AB
Telefon 090-154830
Mobil 070-3758222
E-post emil@xxxxxxxxxxxx
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
