Re: [PHP-DB] Sanitizing user input for interaction with DB.

2002-01-13 Thread Bogdan Stancescu
I've started a thread on the topic some time ago on the php list, after some extensive reading and testing and these were the main conclusions: 1.1. ALWAYS pass "addslashed" values and always pass them quoted in the SQL statement. That is "insert into table1 set id='$id'" even if $id is known to a

RE: [PHP-DB] Sanitizing user input for interaction with DB.

2002-01-13 Thread Beau Lebens
To: [EMAIL PROTECTED] // Subject: [PHP-DB] Sanitizing user input for interaction with DB. // Hey folks, // Let me preface this with the fact that I know // information like this exists online, but it's a bear // trying to find good examples. I checked the list arc

[PHP-DB] Sanitizing user input for interaction with DB.

2002-01-13 Thread C. Bensend
Hey folks, Let me preface this with the fact that I know information like this exists online, but it's a bear trying to find good examples. I checked the list archives, and got minimal information. Also, I'm posting to this list rather than the -users because this does target a databas