Yeah, I'm scared... Please excuse me but may I say that it seems like you've sent some wrong info to the wrong mailing list?
I use PHP NOT ASP, I use MySQL or PostgreSQL or Oracle but NOT M$ SQL Server. And IIS? Of course, some people use it (perhaps) because of some unavoidable circumstances but I don't--I use Apache NOT IIS. Of course, there's nothing bad about being cautious... However, please send some links (or documents) that are more relevant... Thanks anyway, now *I* have something to scare my friends... ;)

- E

>
>Please CC me as I'm on digest:
>------------------------------
>
>Are there any libraries for data validation available? If one reads
>papers like these:
>
> http://www.nextgenss.com/papers/advanced_sql_injection.pdf
> http://www.nextgenss.com/papers/more_advanced_sql_injection.pdf
>
>It becomes apparent that sites using databases are incredibly open to
>attack because of the ingenuity of the attackers. I think there should
>be a PHPGuardLib or something. After reading those articles, I plan on
>filtering ALL input for semicolons and 'chr(' character strings. In
>the cases where I want to accept apostrophes, I'm going to be very
>careful.
>
>Also, are there any attacks to email programs on linux that can be done
>through input forms?
>
>PS, for those who think escaping user input only on apostrophes, THINK
>AGAIN! And read the articles above.
>--
>
>If You want to buy computer parts, see the reviews at:
>http://www.cnet.com/
>**OR EVEN BETTER COMPILATIONS**!!
>http://sysopt.earthweb.com/userreviews/products/
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php
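
An added example, not part of the original messages: it applies the filter proposed in the quoted message (strip semicolons and 'chr(', escape apostrophes) to a numeric query parameter and compares it with type validation plus a bound parameter. It assumes PHP with the PDO SQLite driver; the table, the function names and the sample input are constructed for illustration.

```php
<?php
// Added illustration, not code from the thread. Table, column and function
// names are hypothetical; the input string is constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT)');
$db->exec("INSERT INTO orders (owner, item) VALUES ('alice', 'disk'), ('bob', 'ram'), ('carol', 'cpu')");

// The filter proposed in the quoted message: drop semicolons and 'chr(',
// then escape apostrophes.
function blacklist_filter(string $in): string
{
    $in = str_ireplace([';', 'chr('], '', $in);
    return str_replace("'", "''", $in);
}

// Weak: filtered input is still concatenated into a numeric context,
// where no apostrophe is needed to change the query's logic.
function find_order_weak(PDO $db, string $id): array
{
    $sql = 'SELECT owner, item FROM orders WHERE id = ' . blacklist_filter($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: validate the type, then bind the value so it is never parsed as SQL.
function find_order_safe(PDO $db, string $id): array
{
    if (!ctype_digit($id)) {
        return [];   // reject anything that is not a plain non-negative integer
    }
    $stmt = $db->prepare('SELECT owner, item FROM orders WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$constructed = '1 OR 1=1';   // contains no apostrophe, semicolon or chr(

printf("weak, id=1:        %d row(s)\n", count(find_order_weak($db, '1')));
printf("weak, constructed: %d row(s)\n", count(find_order_weak($db, $constructed)));
printf("safe, id=1:        %d row(s)\n", count(find_order_safe($db, '1')));
printf("safe, constructed: %d row(s)\n", count(find_order_safe($db, $constructed)));
```

The weak lookup returns every row for the constructed input because the filter has nothing to remove from it, while the bound-parameter lookup rejects it before any SQL is built.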

