[PHP] escapeshellarg() equiv. for cmd.exe?
I'm finding that escapeshellarg() doesn't "protect" against malicious strings used against Windows' shell, cmd.exe. Is there a function in PHP for escaping strings according to the Windows shell's rules? For example, the command separator in cmd.exe is &&. -- Jeff S. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] SQL Sanitation in PHP
I'm using PHP's odbc_ functions to access an Access database, and I'm concerned about security. Do you folks have any recommendations on the best ways to sanitize my SQL queries? I've read plenty about what characters I should strip from SQL queries that use user input, namely " , / \ * & ( ) $ % ^ @ ~ ´ ? Does PHP require anything more? -- Jeff S.
[PHP] set_error_handler always returns false
I'm using PHP 4.3.1 as an Apache module. No matter what I try, I can't get set_error_handler() to do anything other than return false. Under what circumstances does this happen? -- Jeff S.
[PHP] ODBC in PHP: setting SQL_ATTR_TRACE
I've been reading about ways to help secure an application against database hacking, and I've read more than once now that it's wise to turn off tracing within the ODBC drivers when issuing sensitive commands, by setting SQL_ATTR_TRACE to SQL_ATTR_OFF. But I can't figure out how to do that with the odbc_* functions. The closest I could come was odbc_setoption(), but the manual cautions against using this function in a production environment. Is there a way to pull this off in PHP? -- Jeff S.
[PHP] Constants in heredoc strings?
Is there a way to expand constants in heredoc strings without assigning the constant's value to a variable first? -- Jeff S.