Rick Emery wrote:

> You can still use extract($_POST).
> It is as safe/vulnerable as $_POST['isAdmin'].
> In either case, use only variables that you know are yours and be certain
> these contain values which you believe to be safe. For instance, if you expect
> a variable called $firstname to contain a name to be stored in a SQL database,
> be certain it does not contain SQL commands which can damage your database.

Okay, I know I can use strip_tags() and/or htmlspecialchars() to strip out
or modify HTML and PHP code in a string, but, how does one do the same with
MySQL code in a string to prevent tampering?


PHP General Mailing List (http://www.php.net/)
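
An added example, not part of the original thread: it copies only the expected form field out of `$_POST` before calling `extract()`, then stores the value through a PDO prepared statement so that SQL text inside it is treated as data. The helper `pick_expected()`, the `users` table, the sample input and the in-memory SQLite database (used so the script runs offline) are assumptions made for illustration.

```php
<?php
// Constructed sample input standing in for a hostile form submission.
$_POST = [
    'firstname' => "Robert'); DROP TABLE users; --",
    'isAdmin'   => '1',               // a field the form never offered
];

// Hypothetical helper: copy only the fields this script expects, as strings.
function pick_expected(array $input, array $expected): array
{
    $clean = [];
    foreach ($expected as $name) {
        $value = $input[$name] ?? '';
        $clean[$name] = is_string($value) ? trim($value) : '';
    }
    return $clean;
}

// Privilege flags are set by the application, never taken from the request.
$isAdmin = false;

// If extract() is used at all, give it the allowlisted array and forbid
// overwriting variables that already exist.
$fields = pick_expected($_POST, ['firstname']);
extract($fields, EXTR_SKIP);

// In-memory SQLite keeps the example self-contained (assumption); with MySQL
// only the PDO DSN and credentials differ, the prepared statement is the same.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, firstname TEXT)');

// The value is bound as a parameter, so it is never parsed as part of the SQL.
$stmt = $db->prepare('INSERT INTO users (firstname) VALUES (:firstname)');
$stmt->execute([':firstname' => $firstname]);

// Read the row back and compare it with what was submitted.
$stored = $db->query('SELECT firstname FROM users')->fetchColumn();
echo 'isAdmin: ', var_export($isAdmin, true), PHP_EOL;
echo 'stored matches input: ', var_export($stored === $fields['firstname'], true), PHP_EOL;
echo 'rows in users: ', $db->query('SELECT COUNT(*) FROM users')->fetchColumn(), PHP_EOL;
```
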