Posted by kenoli on 03/01/07 16:43
Steve -- Thanks. The article looks good and "injection" seems like
the term of art I needed to know. This is great for finding SQL
issues which I hadn't thought of.

It is pointed out as an issue in the PHP manual that strip_tags() has
trouble knowing what to delete when one or more "<" or ">" are input
by themselves, and not as an actual tag with opening and closing
carets. I have managed to cause some problems when I did some trial
runs inserting these characters myself. Is this ever enough of an
issue to be concerned about? I suppose a regular expression filter, in
addition to strip_tags(), could be used here, though it seems like it
might be overkill and a little hard to apply in combination with
strip_tags.
Thanks,
--Kenoli
On Feb 27, 7:36 pm, "Steve" <no....@example.com> wrote:
> http://www.phpbuilder.com/columns/ProPHPSecurity_excerpt.php3
>
> zzzzzzzzzzzzzz........
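
An added example, not part of the original posts: a way to see what strip_tags() does with stray "<" and ">" next to context-aware output encoding with htmlspecialchars(), which does not have to guess where a tag begins or ends. The function names and sample strings are constructed for illustration, and the "well-formed tag" pattern is a simplifying assumption.

```php
<?php
// Added example; all inputs below are constructed samples.

/**
 * Encode untrusted text for an HTML body or quoted-attribute context.
 * Every "<", ">", "&" and quote becomes an entity, so a lone bracket is
 * displayed literally instead of being interpreted or discarded.
 */
function encode_for_html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Report whether strip_tags() produced something other than "the input
 * minus its well-formed tags", i.e. whether stray brackets changed what
 * it removed. The tag pattern is a simplification (assumption): "<",
 * optional "/", a letter, then anything up to the next ">".
 */
function strip_tags_differs(string $text): bool
{
    $withoutRealTags = preg_replace('/<\/?[a-zA-Z][^<>]*>/', '', $text);
    return strip_tags($text) !== $withoutRealTags;
}

$samples = [
    'plain <b>bold</b> text',        // ordinary markup
    'price < 5 and qty > 2',         // brackets used as comparison signs
    'if a <b then stop',             // "<" directly followed by a letter
    'unclosed <em text continues',   // tag opened but never closed
];

foreach ($samples as $s) {
    printf("input      : %s\n", $s);
    printf("strip_tags : %s\n", strip_tags($s));
    printf("differs?   : %s\n", strip_tags_differs($s) ? 'yes' : 'no');
    printf("encoded    : %s\n\n", encode_for_html($s));
}
```

Encoding at output time keeps the user's text intact and displays it as text, so a regular expression filter layered on top of strip_tags() is not needed for display safety.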