heh,
Yeah I guess. They weren't validating the user's input. = ]
- Ben
Ben Sgro, Chief Engineer
ProjectSkyLine - Defining New Horizons
----- Original Message -----
From: "John Campbell" <[EMAIL PROTECTED]>
To: "NYPHP Talk" <talk@lists.nyphp.org>
Sent: Tuesday, August 14, 2007 8:31 PM
Subject: Re: [nyphp-talk] Is there something wrong with this SQL query in PHP?
They had the exact same problems w/XSS, no input validation.
Input validation? Don't you mean output escaping? You must not allow
uber leet usernames like |<33|>. :)
-john cambpell
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php