take a look at this http://phpinsider.com/php/code/SafeSQL/
pete
Jeremy Russell wrote:
Hello list,
I was just sitting here thinking how to secure my php code and thought I would run it by the pros. I don't know what the standard practice is to secure against sql injection and malformed information passed from forms. This probably has been done several times I just would like to know if I should do it this way or if there is a better way.
What I thought to do is create a function that simply went through a variable and removed the quotes. Something that could be used when pulling the variables from the form right off the bat. i.e.
$form_var = secure($_POST['var']);
after that just do everything else as normal.
So I'm just really looking for advice on securing my web app.
BTW: anybody heard of or use Cisco's VMPS?
Jeremy Russell Network Administrator, CNI 580.235.2377
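As an added example (not code from this thread or from SafeSQL), the sketch below puts the quote-stripping idea from the question beside a PDO prepared statement. `secure()` is a hypothetical implementation of the function described in the post; the table, data and inputs are constructed, and it assumes PHP 7+ with the pdo_sqlite extension.

```php
<?php
// Hypothetical implementation of the quote-stripping idea from the post.
function secure(string $value): string
{
    return str_replace(["'", '"'], '', $value);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('O''Brien')");

// Approach 1: strip quotes, then concatenate the value into the SQL text.
// In a numeric context there are no quotes to strip, so the value is
// still parsed as SQL.
function findByIdStripped(PDO $db, string $input): array
{
    $sql = 'SELECT name FROM users WHERE id = ' . secure($input);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Approach 2: prepared statement. The value is bound as data and never
// becomes part of the SQL text, whatever characters it contains.
function findByIdPrepared(PDO $db, string $input): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->execute([':id' => $input]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

function findIdByNamePrepared(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed form value containing no quotes at all.
$input = '1 OR 1=1';
echo 'stripped + concatenated: ', count(findByIdStripped($db, $input)), " row(s)\n";
echo 'prepared statement:      ', count(findByIdPrepared($db, $input)), " row(s)\n";

// Quote stripping also alters legitimate data; binding preserves it.
$name = "O'Brien";
echo 'after secure(): ', secure($name), "\n";
echo 'bound lookup:   ', count(findIdByNamePrepared($db, $name)), " match(es)\n";
```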