Posted by Skeets on 02/11/06 01:43
btw, i use bind variables when i'm inputting user form information into
my db (postgresql). adodb's db abstraction layer (very good, btw) has
a pretty nice implementation. using bind variables means you don't
have to escape everything prior to submission and sql injection becomes
a non-issue. if it is bad data, it doesn't get submitted, as i
understand it.
i posted this in another reply, but i'm not sure you will read it.
is this spoofable (i do use apache)?
$host = apache_request_headers();
// The header name is a string, so the key must be quoted ('Referer', not the
// bare constant Referer). eregi() is deprecated; stripos() is the same
// case-insensitive substring test. The original condition was negated
// (!eregi), which swapped the two branches relative to their comments, and
// a missing Referer header must be handled before looking at its value.
if (isset($host['Referer']) && stripos($host['Referer'], 'domain.com') !== false) {
    // good submission, do something
} else {
    // bad submission, don't do anything
}
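On the question itself: the Referer header is sent by the client, so anything that relies on it alone can be forged. The added example below (not code from the original post) compares the parsed Referer host exactly instead of as a substring, and pairs it with a per-session token that a forged request cannot know; the host name 'domain.com' and the session key 'csrf_token' are assumed for illustration.

```php
<?php
// Added example, not from the original post. Assumes the caller has already
// run session_start() and that the form carries a hidden 'csrf_token' field.

// True only when the Referer header parses and its host is exactly
// $expected_host. A substring test such as eregi('domain.com', ...) would
// also accept hosts like "domain.com.example" or "notdomain.com".
function referer_host_matches(array $headers, string $expected_host): bool
{
    if (!isset($headers['Referer'])) {
        return false; // absent, or stripped by a proxy or privacy tool
    }
    $host = parse_url($headers['Referer'], PHP_URL_HOST);
    if ($host === null || $host === false) {
        return false; // no host component, or not a parseable URL
    }
    return strcasecmp($host, $expected_host) === 0;
}

// Per-session token to embed in the form as a hidden field.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Check the token sent back with the POST; hash_equals() avoids timing leaks.
function csrf_token_valid(?string $submitted): bool
{
    return isset($_SESSION['csrf_token'], $submitted)
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Typical use in the form handler (apache_request_headers() only exists
// under the Apache SAPI, hence the guard):
// session_start();
// $headers = function_exists('apache_request_headers') ? apache_request_headers() : [];
// if (referer_host_matches($headers, 'domain.com')
//     && csrf_token_valid($_POST['csrf_token'] ?? null)) {
//     // good submission, do something
// } else {
//     // bad submission, don't do anything
// }
```

The Referer comparison only filters out careless cross-site posts; the token check is what actually stops a forged submission.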