After searching Google, reading the PHP manual, PHP mailing list archives,
looking for clues on SANS and Security Focus, I have yet to find an answer
to my question.
I have a section in a form for a user to enter comments and or questions.
What should I be checking for, from a security
No checks are needed. PHP automatically escapes single quotes for MySQL
queries assuming you have magic_quotes_gpc on, which means that if you
want to send the same thing by email using PHP's mail() function you just
have to call stripslashes() on the data. There are no magical characters
that
I have a proccess where a user submits the data, data is run through checks,
validation etc , then stored in a session. then the user goes to
confirmation page where they hit submit to verify the details are correct.
when they hit submit they go to another script that pulls the session
You do not need to revalidate. The data is not coming from the user.
On Mon, 19 Aug 2002, Randy Johnson wrote:
I have a proccess where a user submits the data, data is run through checks,
validation etc , then stored in a session. then the user goes to
confirmation page where they hit
4 matches
Mail list logo