SQL Injection and mysql_real_escape_string
05-01-2008, 02:44 PM
You can also circumvent the basic SQL injections where somebody tries
' OR username=admin --
simply with trim($szUsername, " '-"). Or preg_match("~[A-Za-z0-9_]~", $szString), or... as I said above, the best way, imo, is to not trust just one method of sanitization or validation. Verify that information.
Posted by delayedinsanity
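
An added example, not part of the post: PHP that runs trim() and the preg_match() pattern quoted above against the string from the post, next to an anchored allowlist and a bound query parameter. The helper names, the users table, the 32-character limit and the in-memory SQLite database (through PDO) are assumptions made for illustration.

```php
<?php
// Added example; table, column and helper names are hypothetical.

// Throws if a check does not hold, so the script documents its own results.
function expect(bool $ok, string $what): void {
    if (!$ok) { throw new RuntimeException("unexpected: $what"); }
    echo "ok: $what\n";
}

// Constructed inputs: the string from the post, and a legitimate name
// with an apostrophe in the middle.
$attack = "' OR username=admin --";
$name   = "O'Brien";

// trim() strips the listed characters from the two ends of the string only.
expect(trim($attack, " '-") === "OR username=admin", "trim strips the ends of the post's string");
expect(trim($name, " '-") === "O'Brien", "a quote inside the string survives trim");

// Unanchored character class: matches as soon as ONE character is in the class.
expect(preg_match("~[A-Za-z0-9_]~", $attack) === 1, "unanchored pattern matches the post's string");

// Anchored allowlist: every character must be in the class.
// The 1-32 length bound is an arbitrary choice for this example.
function isValidUsername(string $s): bool {
    return preg_match('~\A[A-Za-z0-9_]{1,32}\z~', $s) === 1;
}
expect(!isValidUsername($attack), "anchored allowlist rejects the post's string");
expect(isValidUsername("delayed_insanity"), "anchored allowlist accepts a plain name");

// Second layer: a bound parameter is sent as data and never parsed as SQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT PRIMARY KEY)");
$db->exec("INSERT INTO users VALUES ('admin')");

$stmt = $db->prepare("SELECT COUNT(*) FROM users WHERE username = ?");
foreach ([$attack, $name, "admin"] as $input) {
    $stmt->execute([$input]);
    $count = (int) $stmt->fetchColumn();
    // Only the exact stored value matches; quotes in the input change nothing.
    expect($count === ($input === "admin" ? 1 : 0), "bound lookup for " . var_export($input, true));
}
```

Run it with the PHP command-line interpreter; it needs the pdo_sqlite extension.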