2010/8/27 Jan G.B. <ro0ot.w00t@xxxxxxxxxxxxxx>:
> But make sure the other code which we don't see
> - does not outpot any _POST / _GET / _REQUEST / _COOKIE variables
> without encoding the contents (f.e. htmlspecialchars), or
> - does not send and user supplied data without scaping the sb-related
> special chars.. (f.e. mysql_real_escape-string).
>

Hell.. Actually I wanted to write "output", "escaping" and "db-related".
Are typo corrections accepted here?! :)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php