[nycphp-talk] More confused now then before by PHP security!

cliff cliff at pinestream.com
Sun Jan 22 09:18:14 EST 2006


Yes, the article should have ended with:

NEVER USE addslashes
USE mysql_real_escape_string() (or prepared statements as suggested by 
others)
PERIOD

I'd like to take this opportunity to make a commercial announcement. The 
message you are about to hear...

If you're like me, you have probably digested Chris' presentations, 
articles, etc. All great info and probably the single best source for PHP 
security.

I just read two PHP books: one terrible 400+ page useless beast and Chris' 
concise security book, which is truly excellent. Although you can probably 
find most of its contents scattered throughout his various presentations, 
having the book as one easy to grab source is really worthwhile. My 
shameless plug -- hats off, Chris...

On Sun, 22 Jan 2006 08:32:15 -0500, Dan Cech wrote
> IMHO Chris wasn't as explicit as he could have been with regards to 
> the conclusion of the article, but basically the point is something 
> like this:
