--- Richard Lynch [EMAIL PROTECTED] wrote:
What regular expression does one use when there really isn't a
whole lot you can say about the text?...
I mean, say for a guestbook or bulletin board or for a person's
Bio or...
You can limit it to a certain number of characters in length.
You
Matthew Weier O'Phinney wrote:
* Sebastian [EMAIL PROTECTED]:
just a question, what is the best way to sanitize your scripts when you're
using $_GET or $_REQUEST in a query?
eg, i usually just do:
if(is_numeric($_REQUEST['id']))
{
mysql_query("SELECT id FROM table WHERE
what about when the GET is text? just use htmlspecialchars?
just looking for some advice to help keep my apps secure.
What regular expression does one use when there really isn't a whole lot
you can say about the text?...
I mean, say for a guestbook or bulletin board or for a person's Bio
* Sebastian [EMAIL PROTECTED]:
just a question, what is the best way to sanitize your scripts when you're
using $_GET or $_REQUEST in a query?
eg, i usually just do:
if(is_numeric($_REQUEST['id']))
{
mysql_query("SELECT id FROM table WHERE
id=".intval($_REQUEST['id'])."");
}
what about
mysql_escape_string() is what you're looking for.
Jed
Sebastian wrote:
just a question, what is the best way to sanitize your scripts when you're
using $_GET or $_REQUEST in a query?
eg, i usually just do:
if(is_numeric($_REQUEST['id']))
{
mysql_query("SELECT id FROM table WHERE