----- Original Message -----
From: "Ashley Sheridan" <a...@ashleysheridan.co.uk>
To: "Dotan Cohen" <dotanco...@gmail.com>
Cc: "Jim Lucas" <li...@cmsws.com>; "php-general."
<php-general@lists.php.net>
Sent: Tuesday, October 20, 2009 4:02 AM
Subject: Re: [PHP] Sanitizing potential MySQL strings with no database
connection
On Tue, 2009-10-20 at 12:58 +0200, Dotan Cohen wrote:
> Dotan,
>
> You are making this thing harder then it has to be.
>
> All you need is to replicate the escaping of the same characters that
> mysql_real_escape_string() escapes. Simply do that. They are listed
> on the
> functions manual page on php.net
>
> http://php.net/mysql_real_escape_string
>
This thread is so long, I am suprised to see that nobody has yet recommended
the use of the OWASP php filters.
It is still very good.
http://www.owasp.org/index.php/OWASP_PHP_Filters
If by chance someone already mentioned it, my bad.
Best Regards
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
