On Fri, Jul 16, 2010 at 11:42 AM, Richard Lynch <ceo@xxxxxxxxx> wrote: > Any Best Practice suggestions for potentially hostile user input being > sent to ldap_search($ldap, "(username=$_POST[username])"); > > Something like an ldap_escape? > > Please cc me on replies. Thanks. > Long time no see, Richard. There are a couple ldap_escape() functions in the comments here. I don't know enough about ldap to know how robust they are. I have used one of them, but only on a few intranet sites where the probability of malicious activity is fairly low. http://www.php.net/manual/en/function.ldap-search.php Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
