03-12-2008, 02:39 PM
#9
The Frequenter
Join Date: Nov 2007
Location: Netherlands
Posts: 460
Thanks: 49
Quote:
Originally Posted by Gareth
No it isn't just paranoia. Sanitisation is a must if you are to defy silly little kiddy hackers who think they are cool by trying to SQL Inject you :)
Seriously, I am not dumb or something? Why should I write a complete, complex system to filter out his input as well, if he asked for an example on a whole different subject?
So yes, paranoia.
Hopefully it'll work out oMIKEo!
/edit
I just noticed in your mysql_query() that you set the value with "Y" and perhaps "N". I advise you to set the field to int(1) and put a 0 for no, and a 1 for yes. That way, the system would be more secure and you wouldn't have to mess with upper or lower case characters.
__________________
"Life is a bitch, take that bitch on a ride"