a few resources

here’s a few resources that someone may find helpful:

and don’t forget that in php, variables like $_SERVER['REQUEST_URI'] and $_SERVER['HTTP_REFERER'] are user input.
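One way to act on this, as an added example that is not from the original post: the first function echoes `REQUEST_URI` raw, the second escapes it for HTML output, and the third uses `HTTP_REFERER` for a "back" redirect only when it points at the site's own host. The function names, the host `example.test` and the sample values are assumptions made for illustration.

```php
<?php
// Added example (not from the original post). Function names and the
// host "example.test" are assumptions made for illustration.

// Unsafe: REQUEST_URI is copied into the page exactly as the client sent it.
function form_action_unsafe(array $server): string
{
    return '<form action="' . $server['REQUEST_URI'] . '" method="post">';
}

// Hardened: escape for the HTML attribute context before output.
function form_action_safe(array $server): string
{
    $uri = $server['REQUEST_URI'] ?? '/';
    return '<form action="' . htmlspecialchars($uri, ENT_QUOTES, 'UTF-8') . '" method="post">';
}

// Hardened: use the Referer for a "back" redirect only when it points at our
// own host, and return a local path so the Location header cannot leave the site.
function back_url(array $server, string $ownHost, string $fallback = '/'): string
{
    $ref = $server['HTTP_REFERER'] ?? '';
    if ($ref === '' || preg_match('/[\x00-\x20\x7F]/', $ref)) {
        return $fallback;                       // empty, or control chars / whitespace
    }
    $p = parse_url($ref);
    if (!is_array($p) || !isset($p['scheme'], $p['host'])
        || !in_array(strtolower($p['scheme']), ['http', 'https'], true)
        || strcasecmp($p['host'], $ownHost) !== 0) {
        return $fallback;                       // malformed, odd scheme, or foreign host
    }
    $path = $p['path'] ?? '/';
    if (strncmp($path, '/', 1) !== 0 || (isset($path[1]) && ($path[1] === '/' || $path[1] === '\\'))) {
        return $fallback;                       // "//host" and "/\host" are read as external
    }
    return $path . (isset($p['query']) ? '?' . $p['query'] : '');
}

// Constructed sample input, standing in for what a client could send.
$server = [
    'REQUEST_URI'  => '/search.php?q="><b>injected</b>',
    'HTTP_REFERER' => 'https://elsewhere.test/landing',
];
echo form_action_unsafe($server), "\n";
echo form_action_safe($server), "\n";
echo back_url($server, 'example.test'), "\n";
echo back_url(['HTTP_REFERER' => 'https://example.test/list.php?page=2'], 'example.test'), "\n";
```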

» php, code, security


I've been using PEAR DB's quoteSmart and escaping SQL wildcard characters when the input goes into a WHERE clause.

» geoff » june 20, 2005 6:15am
