05-03-2008, 08:11 PM   #32
Village Idiot

Quote:
Originally Posted by delayedinsanity
I was avoiding this, but c'mon. He's presented a lot more thorough reasoning than you have - to date all you've said, summed up, is "my method works fine. I don't need yours." Which, btw, after looking at your code sample (which I might add is 95% just Smarty, you may want to make a note of that so unsuspecting clients don't assume that it's your work), it seems the only thing you do is check if a variable isn't numeric, and if so, you mysql_real_escape_string() it. If that's the extent of your validation/sanitization and security, that's pretty flimsy.
-m

I have provided far more than that, I have provided my method of validation and clearly walked you through my process. All highway has posted is that I am wrong, without a single piece of evidence. Also, that is not all I do, I put everything between single quotes, meaning When this is done with my previous processes, it is just as secure as typecasting! Is anyone even reading my posts? I am not saying there is no use for typecasting, there are specific uses where it may be necessary, but it is not a basic of security type thing. There is a reason highway didn't show me an example of injection on any of my clients' sites, because he can't. Am I the only one that finds it funny that you are saying my scripts are not secure, but you can't seem to hack them?