2010/8/27 Jan G.B. <ro0ot.w...@googlemail.com>:
> But make sure the other code which we don't see
> - does not outpot any _POST / _GET / _REQUEST / _COOKIE variables
> without encoding the contents (f.e. htmlspecialchars), or
> - does not send and user supplied data without scaping the sb-related
> special chars.. (f.e. mysql_real_escape-string).
Hell.. Actually I wanted to write "output", "escaping" and
"db-related". Are typo corrections accepted here?! :)

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to