Hello Mitch, Tuesday, November 13, 2007, 6:28:03 AM, you wrote:
> Is there a reason that using prepared statements are not being used? > That would at least take care of ensuring properly escaped data. Apparently, you missed the part of this thread that it's not my code. I inherited it. The code belongs to a bunch of hacks somewhere in the Former USSR who have long since abandoned ship to generate bigger and better hacks with similar, if not, the same code base for a lot more developers to pull their hair out trying to make it work and be secure too (security and quality never got any space on the project priority list obviously). Thanks for the suggestion though, I appreciate it. -- Best regards, mikesz mailto:[EMAIL PROTECTED] _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
