Re: PHP filter function against SQL injections
From: jeffrey rivero <jeffr76 () yahoo com>
Date: Tue, 13 Feb 2007 09:58:49 -0500
I second that. It's all too often I see this as a major problem.
Henry Troup wrote:
It's a serious mistake to assume that the PHP page will only ever see input from its own page. An attacker will not
but it can never be part of your security strategy.
Filtering input for security must be done on the server. On the server you must treat all input as "evil" until it is
proven innocent (passes the filter).
htroup () acm org
On Sat Feb 10 10:35 , Nic Stevens sent:
I would suggest, though, using data filtering on the form using
for example, only allow valid characters to be placed in the form field.
(I don't know the event handler syntax off hand but I know it can be done)
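
The server-side rule described in this thread (treat every input as "evil" until it passes the filter), as an added example that is not code from any poster in the thread. The field names, patterns and sample requests are assumptions constructed for illustration.

```php
<?php
// Added example: field names and rules are assumptions, not from the thread.

// Per-field allowlist rules: a value is "evil" until it matches its rule.
// \A and \z anchor the whole string ("$" would tolerate a trailing newline).
const FIELD_RULES = [
    'username' => '/\A[A-Za-z0-9_]{3,32}\z/',
    'user_id'  => '/\A[1-9][0-9]{0,8}\z/',
];

/**
 * Server-side filter: returns [accepted values, rejected field names].
 * Missing fields, non-string values (e.g. username[]=x) and anything
 * failing its pattern are rejected, never "repaired".
 */
function filter_request(array $input): array
{
    $accepted = [];
    $rejected = [];
    foreach (FIELD_RULES as $field => $pattern) {
        $value = $input[$field] ?? null;
        if (is_string($value) && preg_match($pattern, $value) === 1) {
            $accepted[$field] = $value;
        } else {
            $rejected[] = $field;
        }
    }
    // Fields the form never defined are rejected as well.
    foreach (array_diff(array_keys($input), array_keys(FIELD_RULES)) as $extra) {
        $rejected[] = (string) $extra;
    }
    return [$accepted, $rejected];
}

// Constructed requests: the last two never went through the form's
// client-side checks, which is why the server must run the filter itself.
$requests = [
    'via form'        => ['username' => 'alice_01', 'user_id' => '42'],
    'bypassing form'  => ['username' => "x' OR '1'='1", 'user_id' => '42'],
    'array parameter' => ['username' => ['alice'], 'user_id' => '42'],
];

foreach ($requests as $label => $input) {
    [$ok, $bad] = filter_request($input);
    printf("%-16s %s\n", $label, $bad ? 'REJECT: ' . implode(', ', $bad) : 'accept');
}
```

Values that pass the filter should still reach the database as bound parameters of a prepared statement rather than being concatenated into the query string.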