----- Original Message -----
From: "Ashley Sheridan" <a...@ashleysheridan.co.uk>
To: "Dotan Cohen" <dotanco...@gmail.com>
Cc: "Jim Lucas" <li...@cmsws.com>; "php-general." <php-general@lists.php.net>
Sent: Tuesday, October 20, 2009 4:02 AM
Subject: Re: [PHP] Sanitizing potential MySQL strings with no database connection

On Tue, 2009-10-20 at 12:58 +0200, Dotan Cohen wrote:

> Dotan,
> You are making this thing harder than it has to be.
> All you need is to replicate the escaping of the same characters that
> mysql_real_escape_string() escapes. Simply do that. They are listed on the
> function's manual page on php.net
> http://php.net/mysql_real_escape_string

This thread is so long, I am surprised to see that nobody has yet recommended the use of the OWASP PHP filters.
It is still very good.


If by chance someone already mentioned it, my bad.

Best Regards

PHP General Mailing List (http://www.php.net/)