NYCPHP Meetup

[nycphp-talk] Is there something wrong with this SQL query in PHP?

Ben Sgro (ProjectSkyLine) ben at projectskyline.com
Tue Aug 14 21:15:09 EDT 2007


heh,

Yeah I guess. They weren't validating the user's input. = ]

- Ben

Ben Sgro, Chief Engineer
ProjectSkyLine - Defining New Horizons

----- Original Message ----- 
From: "John Campbell" <jcampbell1 at gmail.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Tuesday, August 14, 2007 8:31 PM
Subject: Re: [nycphp-talk] Is there something wrong with this SQL query in PHP?


>> They had the exact same problems w/XSS, no input validation.
>
> Input validation?  Don't you mean output escaping?  You must not allow
> uber leet usernames like |<33|>.  :)
>
> -john cambpell