Reply to Re: doing math with html — HTML — IT news, forums, messages

Posted by Toby A Inkster on 05/23/07 06:32

Adrienne Boswell wrote:
> wayne:
>
>> As I understand PHP, the programmer must check each field for valid
>> input characters. Wouldn't this keep hackers at bay?
>
> Not necessarily. A determined hacker can get past server side checks, if
> the check is not strong enough. A good example of that is SQL injection,
> where the page is using dynamic SQL, and the developer is either not using
> stored procedures, or is not testing for single quotes in input fields.

Surely, "not testing for single quotes" falls into the category of not
"check[ing] each field for valid input characters"?

--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.12-12mdksmp, up 88 days, 14:15.]

The Great Wi-Fi Controversy
http://tobyinkster.co.uk/blog/2007/05/22/wifi-scare/

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация