[nycphp-talk] Is there something wrong with this SQL query in PHP?
Ben Sgro (ProjectSkyLine)
ben at projectskyline.com
Tue Aug 14 21:15:09 EDT 2007
heh,
Yeah I guess. They weren't validating the users input. = ]
- Ben
Ben Sgro, Chief Engineer
ProjectSkyLine - Defining New Horizons
----- Original Message -----
From: "John Campbell" <jcampbell1 at gmail.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Tuesday, August 14, 2007 8:31 PM
Subject: Re: [nycphp-talk] Is there something wrong with this SQL query in
PHP?
>> They had the exact same problems w/XSS, no input validation.
>
> Input validation? Don't you mean output escaping? You must not allow
> uber leet usernames like |<33|>. :)
>
> -john cambpell
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
More information about the talk
mailing list