Hi, I have now read quite a lot of articles about SQL injection, XSS and session hijacking in a hopefully appropriate way.
As I understand it, the functions addslashes(), quote_meta() and mysql_real_escape_string() are there to avoid SQL injection, e.g. in order to use page_sliding with POST data entered over forms with $_REQUEST parameters, while strip_tags(), htmlentities() and utf8_decode() are useful for having clean output in the browser without arbitrary code in it. For session authentication, PEAR::Auth is used. I just wanted to ask if there's more to take care of.

--
Best Regards,
Mark