On 9/26/07, Kenneth Downs <[EMAIL PROTECTED]> wrote:
>
>  From:
> http://www.eweek.com/article2/0,1759,2188714,00.asp
>
>  Q: How can sites protect themselves against SQL injection?
>  A:  You basically have a choice between programming tools that lock you
>  into proprietary architectures and those that allow you to incorporate new
>  open source libraries and tools as they become available.

There, fixed that for them.

If your PHP code isn't preventing SQL injection then use one of the
many extensions or libraries that prevents it... or write your own.

My personal favorite:
public function esc( $value ) {
  return mysql_real_escape_string( $value, $this->db );
}

-- 
Chris Snyder
http://chxo.com/
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
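
Added example, not part of the original post or of any project it mentions: an escaping helper like the esc() quoted above only protects a value that ends up inside a quoted string literal, while a bound parameter holds in either context. Assumptions: an in-memory SQLite database through PDO stands in for MySQL, this esc() is a quote-doubling stand-in for mysql_real_escape_string(), and the table, rows and function names are constructed for illustration.

```php
<?php
// Added example; table, rows and function names are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('o''brien')");

// Stand-in for the post's esc(): SQLite string-literal escaping (double the
// quote), playing the role mysql_real_escape_string() plays for MySQL.
function esc(string $value): string {
    return str_replace("'", "''", $value);
}

// Escaped value placed inside quotes: the input stays a string literal.
function findByNameEscaped(PDO $pdo, string $name): array {
    $sql = "SELECT name FROM users WHERE name = '" . esc($name) . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Escaped value placed WITHOUT quotes: escaping changes nothing, because the
// input contains no quote characters and is parsed as SQL, not as data.
function findByIdEscapedUnquoted(PDO $pdo, string $id): array {
    $sql = 'SELECT name FROM users WHERE id = ' . esc($id);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Bound parameter: the value never becomes part of the SQL text.
function findByIdBound(PDO $pdo, string $id): array {
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$hostileName = "x' OR '1'='1";   // constructed input
$hostileId   = '1 OR 1=1';       // constructed input

printf("escaped + quoted:   %d row(s)\n", count(findByNameEscaped($pdo, $hostileName)));
printf("escaped, unquoted:  %d row(s)\n", count(findByIdEscapedUnquoted($pdo, $hostileId)));
printf("bound parameter:    %d row(s)\n", count(findByIdBound($pdo, $hostileId)));
printf("bound, legit id 2:  %s\n", implode(',', findByIdBound($pdo, '2')));
```

Any non-zero count for the hostile inputs means the input was interpreted as SQL rather than as data.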
