Hi to all, can anyone tell me what is the correct way to write secure applications in PHP, and what is the best way to remove or prevent the backtick operator?
I think that my code is very insecure. What is the correct way to do this?

    $Myusername = isset($HTTP_POST_VARS['username']) ? trim(htmlspecialchars($HTTP_POST_VARS['username'])) : '';
    $Myusername = substr(str_replace("\'", "'", $Myusername), 0, 25);

    if ($Myusername == "") {
        exit;
    } elseif (eregi(";", $Myusername)) {
        echo "Hacking attempt";
        exit;
    } elseif (eregi("`", $Myusername)) {
        echo "Hacking attempt";
        exit;
    }

    $Myusername = str_replace("\'", "''", $Myusername);
    $Myusername = str_replace("`", "", $Myusername);

Regards,
Danny

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
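An allowlist-based counterpart to the filtering in the message above, as an added example that is not part of the original post: it validates the username against the characters it may contain and then encodes it separately for each context (SQL, HTML, shell). It assumes PHP 7.1 or later with the pdo_sqlite extension; the `validUsername` helper, the permitted character set and the `users` table are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Allowlist check: accept only the characters a username may contain,
 * instead of searching for "bad" ones such as ; or `.
 * The character set and the 25-character limit are assumptions.
 */
function validUsername($raw): ?string
{
    if (!is_string($raw)) {
        return null;                 // e.g. username[]=x arrives as an array
    }
    $name = trim($raw);
    return preg_match('/\A[A-Za-z0-9_.-]{1,25}\z/', $name) === 1 ? $name : null;
}

// Constructed sample inputs, standing in for $_POST['username'].
$samples = ['danny', "danny'; DROP TABLE users", 'x`id`', '', ['a']];

// In-memory SQLite table so the example runs offline (hypothetical schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY)');
$db->exec("INSERT INTO users (name) VALUES ('danny')");

foreach ($samples as $raw) {
    $name = validUsername($raw);
    if ($name === null) {
        echo "rejected\n";           // the raw value is not echoed back
        continue;
    }

    // SQL context: bound parameter, so no quote doubling is needed.
    $stmt = $db->prepare('SELECT COUNT(*) FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $found = (int) $stmt->fetchColumn();

    // HTML context: escape at output time rather than at input time.
    $html = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');

    // Shell context: quote as a single argument if the value must reach a shell.
    $arg = escapeshellarg($name);

    echo "accepted: html=$html found=$found shell-arg=$arg\n";
}
```

The backtick operator only runs commands that the script itself places between backticks, so the safest handling is to keep request data out of shell command strings entirely; `escapeshellarg()` is the fallback when that cannot be avoided.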