Good evening,
Are you meaning input on the search form? That's not doing an SQL lookup, that's the Sphinx search. I have not used the Sphinx escape function because I want to allow people to use double quotes in the queries, e.g. @html "jquery.1.7.4.js" etc. If I use the escape function, it will end up @html \"jquery..... which won't work with the search. So a bit of a trade-off. I could catch the error and display a nice "You've entered an invalid search query" which might be better.

If I've missed something, then feel free to let me know.

Cheers
Nick

On Tuesday, July 24, 2012 9:40:00 PM UTC+12, Bruce wrote:
>
> Hi Nick,
>
> Have a look at your input validation/sanitation. You are vulnerable to an
> SQL injection attack at the moment...
>
> Cheers,
> Bruce
>
> On Monday, 23 July 2012 20:50:45 UTC+12, Nick wrote:
>>
>> The second crawl has now been completed. I picked up over 340k this time!
>> http://www.crawl.co.nz/
>>
>> Check it out if you haven't already :)
>>
>> Nick
>>

--
NZ PHP Users Group: http://groups.google.com/group/nzphpug
To post, send email to [email protected]
To unsubscribe, send email to [email protected]

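The trade-off Nick describes (the stock escape helper turns `"` into `\"` and breaks phrase searches, so the alternative is to catch the Sphinx error) has a middle ground: escape the extended-syntax operators but leave balanced double quotes and token-leading `@field` selectors alone, and reject unbalanced quotes up front. The following Python is an added illustration, not code from the thread or from crawl.co.nz; it assumes the operator set is the one the Sphinx PHP API's EscapeString() helper escapes, and the sample queries are constructed.

```python
import re

# Operators of Sphinx's extended query syntax. Assumption: this is the set
# the Sphinx PHP API's EscapeString() helper backslash-escapes.
SPHINX_SPECIAL = set('\\()|-!@~"&/^$=<')

_FIELD_NAME = re.compile(r'[A-Za-z_][A-Za-z0-9_]*')


def blanket_escape(raw: str) -> str:
    """Escape every operator, as the stock API helper does. This is what
    turns @html "jquery.1.7.4.js" into \\@html \\"jquery.1.7.4.js\\"."""
    return ''.join('\\' + c if c in SPHINX_SPECIAL else c for c in raw)


def _escape_segment(segment: str, allow_field: bool) -> str:
    """Escape operators in text that contains no double quotes. When
    allow_field is set, a token-leading @name selector is left intact."""
    out = []
    for i, c in enumerate(segment):
        at_token_start = i == 0 or segment[i - 1] == ' '
        if (c == '@' and allow_field and at_token_start
                and _FIELD_NAME.match(segment, i + 1)):
            out.append(c)          # keep @html, @title, ... as field selectors
        elif c in SPHINX_SPECIAL:
            out.append('\\' + c)   # neutralise every other operator
        else:
            out.append(c)
    return ''.join(out)


def sanitise_sphinx_query(raw: str) -> str:
    """Escape Sphinx operators but keep balanced double-quoted phrases and
    token-leading @field selectors. Raises ValueError on an unbalanced quote
    so the caller can show an 'invalid search query' message instead of
    surfacing a raw Sphinx error."""
    if raw.count('"') % 2:
        raise ValueError('unbalanced double quote in search query')
    # Splitting on '"' alternates: outside phrase, inside phrase, outside, ...
    pieces = raw.split('"')
    escaped = [_escape_segment(p, allow_field=(i % 2 == 0))
               for i, p in enumerate(pieces)]
    return '"'.join(escaped)


if __name__ == '__main__':
    # Constructed sample queries, not taken from the site
    for q in ['@html "jquery.1.7.4.js"', 'foo (bar) | baz', 'mail@example.com']:
        print(repr(q), '->', repr(sanitise_sphinx_query(q)))
```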