On Fri, Jul 16, 2010 at 11:42 AM, Richard Lynch <c...@l-i-e.com> wrote:
> Any Best Practice suggestions for potentially hostile user input being
> sent to ldap_search($ldap, "(username=$_POST[username])");
> Something like an ldap_escape?
> Please cc me on replies. Thanks.

Long time no see, Richard. There are a couple ldap_escape() functions
in the comments here. I don't know enough about ldap to know how
robust they are. I have used one of them, but only on a few intranet
sites where the probability of malicious activity is fairly low.



PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to