
trainedmonkey

by Jim Winstead Jr.

a few resources

here are a few resources that someone may find helpful:

  • php’s htmlspecialchars() function, useful for encoding user input that may contain characters like <
  • php’s addslashes() function, useful for escaping user input for putting into an sql query (even better is to use a parameter-based query api)
  • a list of the top ten php security vulnerabilities

and don’t forget that in php, variables like $_SERVER['REQUEST_URI'] and $_SERVER['HTTP_REFERER'] are user input.
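As an added example (not code from the original post), here is the same advice applied in one small page: the `$_SERVER` values are treated as untrusted, `htmlspecialchars()` is used on the way out to HTML, and a prepared statement replaces `addslashes()` for the SQL context. It also escapes the `LIKE` wildcards separately, which is the point geoff raises in the comment, since parameter binding stops injection but does not turn `%` and `_` into literals. The PDO DSN, credentials and the `posts(id, title)` table are placeholders assumed for the example.

```php
<?php
// Added example, not from the original post. Assumes a MySQL database
// reachable through PDO with a table `posts(id, title)`; the DSN and
// credentials below are placeholders.

// 1. Everything that arrives with the request is user input, including the
//    $_SERVER entries that look like they came from the server.
$referer = $_SERVER['HTTP_REFERER'] ?? '';   // client-controlled header
$request = $_SERVER['REQUEST_URI'] ?? '';    // client-controlled path/query

// 2. HTML context: htmlspecialchars() turns <, >, &, " and ' into entities,
//    so the value cannot close the attribute or open a tag it sits in.
//    ENT_QUOTES covers single quotes as well; always pass the charset.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unsafe: echo '<p>You requested ' . $request . '</p>';
echo '<a href="' . h($referer) . '">back</a>';
echo '<p>You requested ' . h($request) . '</p>';

// 3. SQL context: bind values with a prepared statement instead of
//    building the query string with addslashes(); the database then never
//    parses the user's text as SQL.
$pdo = new PDO(
    'mysql:host=localhost;dbname=example;charset=utf8mb4',  // placeholder
    'user',                                                 // placeholder
    'pass',                                                 // placeholder
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,  // real server-side prepares
    ]
);

// Binding does not make % and _ literal inside a LIKE pattern, so escape
// them with an explicit ESCAPE character before adding our own wildcards.
function escapeLike(string $s, string $esc = '!'): string
{
    // Replace the escape character first so later replacements are not
    // escaped twice.
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $s
    );
}

$search = $_GET['q'] ?? '';
$stmt = $pdo->prepare(
    "SELECT id, title FROM posts WHERE title LIKE :pattern ESCAPE '!'"
);
$stmt->execute([':pattern' => '%' . escapeLike($search) . '%']);

echo '<ul>';
foreach ($stmt as $row) {
    // Data read back from the database is not trusted HTML either:
    // escape it again on the way out.
    echo '<li>' . h($row['title']) . '</li>';
}
echo '</ul>';
```

The two helpers are deliberately tied to a context: `h()` is only correct for HTML body and attribute values, and `escapeLike()` only matters for the `LIKE` pattern; neither replaces the other, and neither is a substitute for binding the value.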

» Sunday, June 19, 2005 @ 10:29am » code, php, security » 1 comment, add yours

Comments

I've been using PEAR DB's quoteSmart and escaping SQL wildcard characters when the input goes into a WHERE clause.

» geoff (link) » Monday, June 20, 2005 @ 6:15am



Dedicated to the public domain by Jim Winstead Jr.