I didn't see that, what a waste of paper....

Randy

----- Original Message -----
From: "Edwin @" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, August 16, 2002 1:14 PM
Subject: Re: [PHP] SQL Injection/Data Balidation

> Yeah, I'm scared...
>
> Please excuse me but may I say that it seems like you've sent some wrong
> info to the wrong mailing list?
>
> I use PHP NOT ASP, I use MySQL or PostgreSQL or Oracle but NOT M$ SQL
> Server. And IIS? Of course, some people use it (perhaps) because of some
> unavoidable circumstances but I don't--I use Apache NOT IIS.
>
> Of course, there's nothing bad about being cautious... However, please send
> some links (or documents) that are more relevant...
>
> Thanks anyway, now *I* have something to scare my friends... ;)
>
> - E
>
> >Please CC me as I'm on digest:
> >------------------------------
> >
> >Are there any libraries for data validation available? If one reads
> >papers like these:
> >
> > http://www.nextgenss.com/papers/advanced_sql_injection.pdf
> > http://www.nextgenss.com/papers/more_advanced_sql_injection.pdf
> >
> >It becomes apparent that sites using databases are incredibly open to
> >attack because of the ingenuity of the attackers. I think there should
> >be a PHPGuardLib or something. After reading those articles, I plan on
> >filtering ALL input for semi-colons and 'chr(' character strings. In
> >the cases where I want to accept apostrophes, I'm going to be very
> >careful.
> >
> >Also, are there any attacks to email programs on linux that can be done
> >through input forms?
> >
> >PS, for those who think escaping user input only on apostrophes, THINK
> >AGAIN! And read the articles above.
> >--
> >
> >If You want to buy computer parts, see the reviews at:
> >http://www.cnet.com/
> >**OR EVEN BETTER COMPILATIONS**!!
> >http://sysopt.earthweb.com/userreviews/products/
> >
> >--
> >PHP General Mailing List (http://www.php.net/)
> >To unsubscribe, visit: http://www.php.net/unsub.php