Re: PHP Security

Posted by Chung Leong on 11/04/05 22:11

Jerry Stuckle wrote:
> If the incoming value isn't an integer, you don't.
>
> For instance - let's say I want to order 100 widgets. However, in the
> quantity column I mistype "1q00", because of my fat fingers. :-)

Geez. Either I failed to express myself clearly or people have never
heard of defense in depth. The existence of a mechanism to stop one
type of SQL injection does not imply that data will necessarily reach
it. You put it there so that the code that interacts with the database
isn't dependent on your validation code for safety. That code should,
of course, keep the user from encountering the odd behavior.
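
The layering described in the post above, as an added example that is not part of the original post or the poster's own code: a validation layer that catches the "1q00" typo for the user, and database code that casts and binds the quantity as an integer regardless of what its caller did. The function names, the `orders` table and the sample inputs are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Layer 1: input validation. It exists for the user's benefit: a typo such
// as "1q00" is reported instead of silently becoming a different number.
function validateQuantity(string $raw): ?int
{
    $qty = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $qty === false ? null : $qty;
}

// Layer 2: database code. It does not rely on its caller: the value is cast
// and bound as an integer parameter, so it cannot change the SQL text even
// when layer 1 is skipped or buggy.
function insertOrder(PDO $db, string $item, $quantity): void
{
    $stmt = $db->prepare('INSERT INTO orders (item, quantity) VALUES (:item, :qty)');
    $stmt->bindValue(':item', $item, PDO::PARAM_STR);
    $stmt->bindValue(':qty', (int) $quantity, PDO::PARAM_INT);
    $stmt->execute();
}

// Constructed demo: in-memory SQLite database (hypothetical schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (item TEXT NOT NULL, quantity INTEGER NOT NULL)');

// Normal path: every value passes through validation first.
foreach (['100', '1q00', '1; DROP TABLE orders'] as $raw) {
    $qty = validateQuantity($raw);
    if ($qty === null) {
        echo "rejected by validation: {$raw}\n";
        continue;
    }
    insertOrder($db, 'widget', $qty);
}

// A code path that forgot to validate: layer 2 still stores a plain integer
// and the orders table is untouched.
insertOrder($db, 'widget', '1; DROP TABLE orders');

foreach ($db->query('SELECT item, quantity FROM orders') as $row) {
    echo "{$row['item']}: {$row['quantity']}\n";
}
```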

 
