SQL Injection and mysql_real_escape_string
05-03-2008, 07:55 PM
is cute and cuddly
Join Date: Mar 2008
Location: Vegas, Baby
I was avoiding this, but c'mon. He's presented a lot more thorough reasoning than you have - to date all you've said, summed up, is "my method works fine. I don't need yours." Which btw, after looking at your code sample (which I might add is 95% just Smarty, you may want to make a note of that so unsuspecting clients don't assume that it's your work), it seems the thing you do is check if a variable isn't numeric, and if so, you mysql_real_escape_string() it. If that's the extent of your validation/sanitization and security, that's pretty flimsy.
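The validation pattern the post describes, placed beside a parameterized query for comparison. This is an added illustration, not the poster's code or the code sample being criticized; it assumes a hypothetical `users` table with `id` and `name` columns, a hypothetical PDO connection `$pdo`, and a legacy `mysql` link `$link` for the escaping branch.

```php
<?php
// Added illustration (not the poster's code): the "escape if not numeric"
// pattern the post describes, beside a parameterized alternative.
// Assumes a hypothetical table users(id INT, name VARCHAR) and a PDO
// connection $pdo; $link is a legacy mysql extension link.

// Pattern from the post: non-numeric input is escaped and quoted, numeric
// input is interpolated as-is. mysql_real_escape_string() only protects a
// value that ends up inside a quoted string literal, so every query built
// this way depends on the caller quoting correctly, and the function needs a
// live connection to know the charset. (The mysql extension, including
// mysql_real_escape_string(), was removed in PHP 7; it is shown because the
// post names it.)
function build_query_by_escaping($link, $id)
{
    if (!is_numeric($id)) {
        $id = "'" . mysql_real_escape_string($id, $link) . "'";
    }
    // The numeric branch relies on is_numeric() alone. is_numeric() also
    // accepts forms such as "1e3" or " 7", so the value is not guaranteed
    // to be a plain integer before it is spliced into the SQL text.
    return "SELECT name FROM users WHERE id = " . $id;
}

// Parameterized alternative: user data never becomes part of the SQL text,
// so no escaping or quoting decision is needed, whatever the type.
function find_user_name(PDO $pdo, $id)
{
    // Use native server-side prepares rather than client-side emulation.
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['name'];
}
```

The point of putting the two side by side is the one the post makes: escaping is a per-query decision that has to be made correctly every time, whereas a prepared statement with bound parameters removes that decision from the query altogether, and casting the bound value to `int` enforces the numeric expectation that `is_numeric()` only approximates.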