> Any ideas about how I can reproduce this problem would be greatly
> appreciated and any suggestions about how to fix it would be even more
> greatly appreciated. 8-)
> Thanks for your attention.
> --
> Best regards,
> mikesz mailto:[EMAIL PROTECTED]
Scrub and clean all user input.
My understanding -- nothing can get in unless you allow it (barring
server breaches).
Here's an example of js injection:
http://webbytedd.com/bb/insecure-form/
SQL injection (as I understand it) is simply allowing the user to
prepare (in part) the SQL query. Scrub and clean user input and
prepare the query yourself as per what you will allow.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
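
The point in the reply above about letting the user prepare part of the SQL query, shown as an added example that is not part of the original thread. The `users` table, its rows, the function names and the allowlist pattern are all hypothetical, and the script assumes PHP with the pdo_sqlite extension.

```php
<?php
// Added example: constructed schema and data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (name, email) VALUES
    ('alice', 'alice@example.com'), ('bob', 'bob@example.com')");

// Insecure: the user's text becomes part of the SQL statement itself,
// so the user prepares the query in part.
function findUserInsecure(PDO $pdo, string $name): array
{
    $sql = "SELECT name, email FROM users WHERE name = '$name'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: check the input against what we allow, then bind it as data.
// The statement text is fixed; the value never reaches the SQL parser.
function findUserSafe(PDO $pdo, string $name): array
{
    // Assumed policy: 1 to 32 letters, digits or underscores.
    if (!preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $name)) {
        return [];
    }
    $stmt = $pdo->prepare('SELECT name, email FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one ordinary name, one that rewrites the WHERE clause
// when it is concatenated into the statement.
$inputs = ['alice', "nobody' OR '1'='1"];

foreach ($inputs as $input) {
    printf(
        "input=%s insecure_rows=%d safe_rows=%d\n",
        var_export($input, true),
        count(findUserInsecure($pdo, $input)),
        count(findUserSafe($pdo, $input))
    );
}
```

For the second input the concatenated query matches every row in the table, while the bound query matches none; the bound parameter alone would already treat the input as data, and the allowlist rejects it before the database is touched.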