Hosting Provided By

Re: Lazy sanitizing of data for SQL queries

From: HarryM <harrym(at)the-group.org>
Date: Fri Jan 24 2003 - 15:51:03 EST

Hi,

Sverre:

I work with PHP and validate non-textual columns with is_numeric().

Phill:

Lots of good points there. When I thought of this I was writing a small script to allow users to post comments under topics on a documentation system. I'm using base64 for the topic title and body, which (unless I add search functionality) is never queried, other than to retrieve it. You're quite right though that this wouldn't work for anything beyond the very basic!

HarryM Received on Fri Jan 24 16:00:24 2003

This message: [ Message body ]
Next message: Sverre H. Huseby: "Re: Lazy sanitizing of data for SQL queries"
Previous message: Augusto Paes de Barros: "Generic User password management"
In reply to: Sverre H. Huseby: "Re: Lazy sanitizing of data for SQL queries"
Next in thread: Sverre H. Huseby: "Re: Lazy sanitizing of data for SQL queries"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:48 EDT

Do you need help?