Hello Daniel, > A delayed FYI:
> The term "injection attack" generally means "SQL injection attack", hence > so many people here talking about properly escaping data heading to your > database. Sometimes it means "HTML injection attack", leading to others > talking about how to escape HTML when generating pages. > Sounds like your issue turned out to be a plain old bug / programming > logic flaw. > --Dan Thanks for the reply. You are correct. The real problem is just a form spammer. I thought it was an injection because I was seeing a MySQL error message and assumed that they are actually getting to the database. The client told me that "mysterious" profiles were showing up in the application. The mystery was his, they were spammers who were generating the profiles manually. I have been trapping the traffic to that form and he's getting about 10 spammers bad guys a day who generate about a hundred bogus forms that die because they can never be submitted for lack of required data. The one's that succeed are being generated by hand, at least that is what it looks like and those are the "mysterious" profiles. thanks again for the update. -- Best regards, mikesz mailto:[EMAIL PROTECTED] _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
