Hi to all, can anyone tell me what the correct way is to write secure
applications in PHP, and what the best way is to remove or prevent the
backtick operator?
I think my code is very insecure.
What is the correct way to do this?
// Read the POSTed username (pre-4.1 style $HTTP_POST_VARS), trim it and
// HTML-escape it on input; default to '' when the field is absent.
$Myusername = isset($HTTP_POST_VARS['username']) ? trim(htmlspecialchars($HTTP_POST_VARS['username'])) : '';
// Undo magic_quotes-style escaping of single quotes, then cap at 25 chars.
$Myusername = substr(str_replace("\'", "'", $Myusername), 0, 25);
if ($Myusername == "") {
    exit;
}
// Reject any value containing ";" (eregi is case-insensitive POSIX regex).
elseif (eregi(";", $Myusername)) {
    echo "Hacking attempt";
    exit;
}
// Reject any value containing a backtick.
elseif (eregi("`", $Myusername)) {
    echo "Hacking attempt";
    exit;
}
// Double escaped single quotes for SQL, then strip any remaining backticks.
$Myusername = str_replace("\'", "''", $Myusername);
$Myusername = str_replace("`", "", $Myusername);
Regards, Danny
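As an added example (not code from the original post), this is how the same username handling looks when the input is validated against an allow-list and each sink gets its own escaping: a prepared statement for SQL and htmlspecialchars at HTML output time. A backtick inside a string variable is never executed by PHP's backtick operator; it only matters if the string reaches eval() or a shell, so the defence is to control where the data flows, not to strip characters. The PDO connection string and the "users" table are assumptions for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Allow-list validation: letters, digits, dot, underscore, hyphen, 1-25 chars.
 * Anything else (";", "`", quotes, ...) is rejected as a whole, so there is
 * no need to enumerate dangerous characters one by one.
 */
function validate_username(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    $name = trim($raw);
    return preg_match('/^[A-Za-z0-9._-]{1,25}$/', $name) === 1 ? $name : null;
}

/**
 * Look up a user with a bound parameter. The value travels as data, so a
 * quote in it cannot alter the SQL; no manual "'" -> "''" doubling needed.
 */
function find_user(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// $_POST replaces the long-deprecated $HTTP_POST_VARS.
$username = validate_username($_POST['username'] ?? null);
if ($username === null) {
    http_response_code(400);
    exit('Invalid username');
}

// Assumption: an in-memory SQLite database stands in for the real one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE)');
$db->prepare('INSERT INTO users (username) VALUES (?)')->execute([$username]);

$user = find_user($db, $username);

// Escape for HTML only at the point of output, never on input.
echo 'Hello, ' . htmlspecialchars($user['username'], ENT_QUOTES, 'UTF-8');
```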
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php