|
|
Posted by Jeff North on 12/19/06 12:35
On Tue, 19 Dec 2006 06:37:22 -0500, in comp.lang.php bill
<nobody@spamcop.net>
<HLydnaQz665uUxrYnZ2dnUVZ_uS3nZ2d@cablespeedmi.com> wrote:
>| MySQL newbie, not new to computing.
>|
>| In my application I accept photos and data, some structured and
>| some free text. I store the information (but not the images) in a
>| MySQL database and then from that information I construct a web
>| page for the user.
>|
>| The images are always displayed within an <img tag.
>|
>| The text is displayed as part of the web page, within <p> tags.
>|
>| The users are all registered and (more or less) trusted individuals
>|
>| <paranoid mode on>
>|
>| 1: Do I need to worry about SQL injection if I do not process the
>| incoming free form data ?
>|
>| 2: Do I need to worry about PHP statements being embedded in the
>| free form data ?
>|
>| 3: if so, what is the best practices to protect my database/site ?
>|
>| <paranoid mode off>
http://en.wikibooks.org/wiki/Programming:PHP:SQL_Injection
http://www.php.net/manual/en/security.database.sql-injection.php
http://dev.mysql.com/tech-resources/articles/guide-to-php-security-ch3.pdf
---------------------------------------------------------------
jnorthau@yourpantsyahoo.com.au : Remove your pants to reply
---------------------------------------------------------------
[Back to original message]
|