1. You want to take a look at pseudo variable transformations and its escape features. http://www.openser.org/dokuwiki/doku.php/transformations:1.2.x
2. Try to avoid raw SQL queries. regards klaus Iñaki Baz Castillo schrieb: > Hi, could somebody tell me which characteres are allowd in a SIP URI? which > RFC defines it? > > I ask it because I do a DB query with $ru so a SQL injection it's possible if > RURI contains single or double ' > > So at the begining of the script I'd like to reject a message if the RURI > contains illegal symbols. > > Could be useful a core function for this? > > Regards. > > _______________________________________________ Users mailing list [email protected] http://lists.openser.org/cgi-bin/mailman/listinfo/users
