On Mon, February 11, 2008 9:27 am, Emil Edeholt wrote:
> Thanks. Sure, I know how to escape and filter the input. But since not
> all my sites use PDO yet, and I use some external code it would be a
> good idea to also use an SQL injection scanner.
Scanning for SQL injection is like a "blacklis
> -Original Message-
> From: Emil Edeholt [mailto:[EMAIL PROTECTED]
> Sent: Monday, February 11, 2008 5:17 AM
> To: php-general@lists.php.net
> Subject: [PHP] Security scanner
>
> I've been trying Nessus to search for SQL injections and other security
> issues. I'm quite sure Nessus i
Thanks. Sure, I know how to escape and filter the input. But since not
all my sites use PDO yet, and I use some external code it would be a
good idea to also use an SQL injection scanner.
Emil
[EMAIL PROTECTED] wrote:
Injections only work on sloppy code.
If you are using globals you are ask
Injections only work on sloppy code.
If you are using globals you are asking for injections. Turn your globals off,
use $_POST[var_name] and filter all user input.
Just my opinion, I am sure some will disagree.
Richard L. Buskirk
## Show me a man with no fear, I will point out the date on his t