"Lorenzo Hernandez Garcia-Hierro" <[EMAIL PROTECTED]> wrote:

> Hi,
> finally I did this (the smartest solution to protect EVERY variable
> against malicious values).
> I put the $GLOBALS as $filtered (using foreach), then I used eregi with
> some common expressions and
> after that I specified an action if some of the $GLOBALS have non-permitted
> characters, simply a die() with a message.
>
> Please, check out the CVS, modified file is
> /fronteend/php/include/security.php .

I thought about that previously and reached the conclusion it would just mean bloating the code, instead of fixing the root of the problem.

As I said before, we can still live with the symptoms of the problem. But a cure must be done on the root of the problem. Curing the symptoms will bring no benefit.

Keep in mind that PHP already runs an addslashes() on POST/GET/COOKIE variables, so it prevents any SQL injection.

-- 
Mathieu Roy

  +---------------------------------------------------------------------+
  | General Homepage: http://yeupou.coleumes.org/                       |
  | Computing Homepage: http://alberich.coleumes.org/                   |
  | Not a native english speaker:                                       |
  |   http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english    |
  +---------------------------------------------------------------------+
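The contrast discussed in this message, a blanket character filter over every incoming value versus handling each parameter at the point where it is used, as an added example that is not code from this thread or from the project's CVS. The `user` table, the blacklist pattern and the function names `blacklist_ok` and `find_user` are hypothetical, and `preg_match()` stands in for `eregi()`, which current PHP no longer provides.

```php
<?php
// Added illustration; table, pattern and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user (user_id INTEGER PRIMARY KEY, realname TEXT)");
$db->exec("INSERT INTO user VALUES (1, 'alice'), (2, 'bob')");

// Symptom-level filter: one character blacklist applied to every value,
// in the style of looping over $GLOBALS and calling die() on a match.
function blacklist_ok(array $input): bool {
    foreach ($input as $value) {
        if (preg_match('/[\'"<>;]|--/', (string)$value)) {
            return false;
        }
    }
    return true;
}

// Root-level handling: validate the parameter against the type this
// query expects, then hand it to the database as a bound parameter so
// it is never parsed as SQL text.
function find_user(PDO $db, string $raw_id): ?array {
    if (!ctype_digit($raw_id)) {
        return null; // not a user id at all
    }
    $stmt = $db->prepare('SELECT user_id, realname FROM user WHERE user_id = ?');
    $stmt->execute([(int)$raw_id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample inputs: a legitimate name containing a quote, a
// valid id, and a value with no quote and no blacklisted character.
$samples = ["O'Brien", '2', '2 OR 1=1'];

foreach ($samples as $raw) {
    printf("%-12s blacklist=%-5s addslashes=%-12s lookup=%s\n",
        var_export($raw, true),
        blacklist_ok([$raw]) ? 'pass' : 'die()',
        var_export(addslashes($raw), true),
        json_encode(find_user($db, $raw)));
}
```

The output columns show, for each sample, what the global filter decides, what `addslashes()` returns, and what the typed, parameterized lookup returns.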
