----- Original Message -----
From: "Ashley Sheridan" <a...@ashleysheridan.co.uk>
To: "Dotan Cohen" <dotanco...@gmail.com>
Cc: "Jim Lucas" <li...@cmsws.com>; "php-general."
Sent: Tuesday, October 20, 2009 4:02 AM
Subject: Re: [PHP] Sanitizing potential MySQL strings with no database
On Tue, 2009-10-20 at 12:58 +0200, Dotan Cohen wrote:
> You are making this thing harder than it has to be.
> All you need is to replicate the escaping of the same characters that
> mysql_real_escape_string() escapes. Simply do that. They are listed on the
> function's manual page on php.net
This thread is so long, I am surprised to see that nobody has yet recommended
the use of the OWASP PHP filters.
It is still very good.
If by chance someone already mentioned it, my bad.
PHP General Mailing List (http://www.php.net/)