On Feb 13, 2011, at 12:44 AM, Richard Quadling wrote:

> You are
> using addslashes($_POST['cc_number']). Considering a credit card
> number is purely numeric, the addslashes would seem to be redundant as
> you don't need to escape numbers.

I do that routinely to all input fields as one additional layer of protection against injection attacks.

> And you can run a Luhn10 check
> against the card number to make sure it is valid before storing it.

I do that as well.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
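
The Luhn check discussed in the exchange above, combined with a digits-only allow-list on the same field, as an added example that is not code from either poster. The function names, the accepted separators and the 12 to 19 digit length range are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Luhn (mod 10) checksum over a string that is already known to be digits only.
function luhn_valid(string $digits): bool
{
    $sum = 0;
    $double = false; // every second digit, counted from the right, is doubled
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $d = (int) $digits[$i];
        if ($double) {
            $d *= 2;
            if ($d > 9) {
                $d -= 9; // same as adding the two digits of the product
            }
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

// Returns the normalised digits-only number, or null if the input is rejected.
// Hypothetical helper: separators and length bounds are assumptions.
function validate_card_number(string $raw): ?string
{
    // Drop the separators people commonly type into the field.
    $digits = str_replace([' ', '-'], '', trim($raw));
    // Allow-list: anything other than 12 to 19 ASCII digits is rejected outright.
    if (!preg_match('/\A[0-9]{12,19}\z/', $digits)) {
        return null;
    }
    return luhn_valid($digits) ? $digits : null;
}

// Constructed sample inputs, not real card data.
$samples = [
    '4111 1111 1111 1111',   // well-known test number with separators
    '4111-1111-1111-1112',   // same number with the last digit altered
    "4111111111111111'",     // digits followed by a stray quote character
    '0000',                  // too short
];
foreach ($samples as $s) {
    $result = validate_card_number($s);
    printf("%-24s => %s\n", $s, $result ?? 'rejected');
}
```

A value returned by `validate_card_number()` contains only the characters 0 to 9, so the check on this field happens before any storage step sees the input.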