Re: [PHP] Re: Protecting MySQL Injection from PHP form

2007-05-25 Thread Jochem Maas
check this, check that. granted the OP posted quite a bit of irrelevant code with regard to SQL injection protection. BUT his use of parameterized queries should protect against injection because MySQL knows what to do with the data (i.e. escape it), which only leaves the question as to whether

Re: [PHP] Re: Protecting MySQL Injection from PHP form

2007-05-25 Thread Jason Pruim
On May 25, 2007, at 8:47 AM, Jochem Maas wrote: check this, check that. granted the OP posted quite a bit of irrelevant code with regard to SQL injection protection. BUT his use of parameterized queries should protect against injection because MySQL knows what to do with the data (i.e.

[PHP] Re: Protecting MySQL Injection from PHP form

2007-05-25 Thread Jared Farrish
On 5/25/07, Jason Pruim [EMAIL PROTECTED] wrote: I apologize for posting the entire add script, but I wasn't sure what was needed to check if I was doing it right or not. I figured in this case it was better to give too much info rather than not enough. My big main goal is to make this bit of

[PHP] Re: Protecting MySQL Injection from PHP form

2007-05-25 Thread Darren Whitlen
Jared Farrish wrote: On 5/25/07, Jason Pruim [EMAIL PROTECTED] wrote: I apologize for posting the entire add script, but I wasn't sure what was needed to check if I was doing it right or not. I figured in this case it was better to give too much info rather than not enough. My big main goal is

Re: [PHP] Re: Protecting MySQL Injection from PHP form

2007-05-25 Thread Jason Pruim
On May 25, 2007, at 10:44 AM, Darren Whitlen wrote: Jared Farrish wrote: On 5/25/07, Jason Pruim [EMAIL PROTECTED] wrote: I apologize for posting the entire add script, but I wasn't sure what was needed to check if I was doing it right or not. I figured in this case it was better to

[PHP] Re: Protecting MySQL Injection from PHP form

2007-05-24 Thread Jared Farrish
I'm not sure exactly what kind of sanitization you think you're doing, but if all you do is check to see if it's empty (empty() implements isset(), empty() checks to see if it's set, then if it evaluates to an empty variable), that's not much sanitization. What you need to do is check for SQL

[PHP] Re: Protecting MySQL Injection from PHP form

2007-05-24 Thread Darren Whitlen
Jason Pruim wrote: Hi Everyone, I think I have found a way to prevent SQL code injection into my database and just wanted to get everyone's comments on my method. <?PHP include 'defaults.php'; // Setting error message variable to nothing $errmsg = ""; // Check form info if

[PHP] Re: Protecting MySQL Injection from PHP form

2007-05-24 Thread Jared Farrish
Also, you should be checking against type (expecting a number? a boolean value? a string?) and then checking against expected length requirements (such as firstname can only be 80 characters long max, so maybe check for <code>if (strlen($var) > 80) { do something; }</code>). In unit testing, you
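The two points the thread keeps returning to, Jochem's that a parameterized query is what actually stops injection and Jared's that input should also be checked for type and length, put side by side in runnable form. This is an added example, not code from the thread or from any of the posters. It assumes PHP 7.1 or later with the pdo_sqlite extension; the table, its rows and the attacker string are constructed here. SQLite in memory is used only so that it runs without a MySQL server; the same PDO calls work unchanged against a mysql: DSN.

```php
<?php
// Added example (not from the thread). Requires PHP 7.1+ with pdo_sqlite.
// SQLite in memory stands in for MySQL so this runs offline; swap the DSN
// for 'mysql:host=...;dbname=...' (plus user and password) to use MySQL.

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    if ($db->getAttribute(PDO::ATTR_DRIVER_NAME) === 'mysql') {
        // Have MySQL itself bind the parameters (server-side prepared
        // statements) instead of PDO quoting them client-side, its default.
        $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    }
    $db->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT)');
    // Constructed sample rows; the apostrophe in O'Brien is deliberate.
    $ins = $db->prepare('INSERT INTO people (firstname, lastname) VALUES (?, ?)');
    $rows = [['Jason', 'Pruim'], ['Jochem', 'Maas'], ['Jared', 'Farrish'], ['Conan', "O'Brien"]];
    foreach ($rows as $row) {
        $ins->execute($row);
    }
    return $db;
}

// VULNERABLE: the value is spliced into the SQL text, so whatever the user
// typed becomes part of the statement the database parses.
function find_by_lastname_vulnerable(PDO $db, string $lastname): array {
    $sql = "SELECT firstname FROM people WHERE lastname = '$lastname'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// SAFE: the SQL text is fixed at prepare time; the value travels separately
// as a bound parameter and is never parsed as SQL, quotes included.
function find_by_lastname(PDO $db, string $lastname): array {
    $stmt = $db->prepare('SELECT firstname FROM people WHERE lastname = ?');
    $stmt->execute([$lastname]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Type and length checks of the kind Jared describes. Returns an error
// string, or null when the value is acceptable. This protects data quality
// and rejects arrays or oversized input early; the injection defence is the
// bound parameter above, not this function.
function validate_name($value, int $maxlen = 80): ?string {
    if (!is_string($value)) {
        return 'expected a string';
    }
    $value = trim($value);
    if ($value === '') {
        return 'value is required';
    }
    if (strlen($value) > $maxlen) {
        return "value longer than $maxlen characters";
    }
    return null;
}

$db = make_db();
$attack = "' OR '1'='1";   // constructed attacker input for the lastname field

printf("vulnerable: %s\n", implode(', ', find_by_lastname_vulnerable($db, $attack)));
printf("bound:      %s\n", implode(', ', find_by_lastname($db, $attack)));
printf("normal:     %s\n", implode(', ', find_by_lastname($db, 'Pruim')));
printf("apostrophe: %s\n", implode(', ', find_by_lastname($db, "O'Brien")));

$checks = [
    'too long'   => str_repeat('a', 81),
    'not string' => 42,
    'blank'      => '   ',
    'apostrophe' => "O'Brien",
];
foreach ($checks as $label => $input) {
    printf("validate %-10s: %s\n", $label, validate_name($input) ?? 'ok');
}
```

Run it with `php example.php`. The vulnerable lookup returns every first name, because the attacker string turns the WHERE clause into `lastname = '' OR '1'='1'`; the bound lookup returns nothing, because it searched for that literal string as a surname. The O'Brien lookup shows the other side of the same mechanism: a legitimate apostrophe needs no escaping when it is bound, whereas hand-rolled escaping schemes have to get it right every time. One caveat for the MySQL driver: PDO emulates prepared statements client-side by default, which still prevents injection but means PDO, not MySQL, is doing the quoting; setting `PDO::ATTR_EMULATE_PREPARES` to false is what gives the server-side binding Jochem's message describes. The length check and the non-string check belong in the form handler regardless; they simply solve a different problem from injection.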