Thanks. Sure, I know how to escape and filter the input.. But since not all my sites use PDO yet, and I use some external code it would be a good idea to also use an sql injection scanner.

Emil

[EMAIL PROTECTED] wrote:
Injections only work on sloppy code.

If you are using globals you are asking for injections. Turn your globals off, 
use $_POST[var_name] and filter all user input.

Just my opinion, I am sure some will disagree.

Richard L. Buskirk
## Show me a man with no fear, I will point out the date on his tomb stone. ##




--

Hälsningar Emil Edeholt

Karlsson & Novak Medical AB
Telefon 090-154830
Mobil 070-3758222
E-post [EMAIL PROTECTED]

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to