Hi, I read many things on SQL injection but I just can't summarize all the information.

Most sites (PHPadvisory.com, phpsecure.info, others found on Google) don't talk too much about how to prevent SQL injection. At some places, they mentioned having a badword list, but really in a product description we can have about any word (select, insert, update, ...), so the badword list is not really the solution, I believe.

I did the following: single quoted all the queries, parameters (even if numerical), did a mysql_real_escape_string on all parameters before they are passed to MySQL. Also my queries are always fairly long and no queries end by a parameter (at least I try not to).

Do you guys have any other tips?

Thanks
Yann

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
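
Added example, not part of the original message and not code from any of the sites it names: it handles the two cases the post raises, a product description containing a quote and SQL keywords, and a numeric parameter. It uses bound parameters through PDO in place of the post's quoting plus mysql_real_escape_string; the table, the helper names addProduct and findProduct, the sample values and the in-memory SQLite database (standing in for MySQL) are assumptions.

```php
<?php
// Added example, not from the original post. The table, helper names and
// sample values are constructed; SQLite in memory stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, description TEXT)');

// Text parameter: the value is bound, never spliced into the SQL string,
// so no badword list and no manual escaping is involved.
function addProduct(PDO $db, string $description): int
{
    $stmt = $db->prepare('INSERT INTO products (description) VALUES (:d)');
    $stmt->execute([':d' => $description]);
    return (int) $db->lastInsertId();
}

// Numeric parameter: validate as an integer first, then bind as an integer.
function findProduct(PDO $db, string $rawId): ?string
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null; // not a whole number: reject before touching the DB
    }
    $stmt = $db->prepare('SELECT description FROM products WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $description = $stmt->fetchColumn();
    return $description === false ? null : $description;
}

// Constructed input: contains a single quote and SQL keywords.
$text = "Beginner's SQL course: select, insert, update explained";
$id = addProduct($db, $text);

var_dump(findProduct($db, (string) $id) === $text); // stored and read back unchanged
var_dump(findProduct($db, '1 and more text'));      // rejected by integer validation
```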