[nycphp-talk] Is there something wrong with this SQL query in PHP?

John Campbell jcampbell1 at
Tue Aug 14 20:31:12 EDT 2007

> They had the exact same problems w/XSS, no input validation.

Input validation?  Don't you mean output escaping?  You must not allow
uber leet usernames like |<33|>.  :)

-john campbell
