Re: [Hampshire] A little help with php / mysql

Author: Vic
Date:  
To: hampshire
Subject: Re: [Hampshire] A little help with php / mysql

> So as you can see there is never any user input to worry too much about


*Yet*.

The trouble with knock-up applications is that they invariably creep; n
years from now, there might well be a way for user-entered stuff to get
into the SQL stream. That's when gnarly injection problems crawl out of
the woodwork, and your name is instantly mud...

Sanitising input really isn't onerous - it's less work than writing the
email to tell us why you don't think you need to - and it will defend your
code against whatever Management might want to do with it in the future...

Vic.
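
The point of the message above, as an added example that is not part of the original post: the same lookup written with string concatenation and with a PDO prepared statement, run against a value that was safe while it was hard-coded and one that arrives later from a form. The `members` table, its columns and the function names are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline; the PDO calls are the same with a MySQL DSN.

```php
<?php
// Added example: table, column and function names are hypothetical.
// SQLite in-memory stands in for MySQL so this runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, surname TEXT)');
$db->exec("INSERT INTO members (surname) VALUES ('Smith'), ('O''Brien')");

// Before: the value is pasted into the SQL text. This works while
// $surname is a constant in the code; it stops working the day the
// value comes from somewhere the programmer does not control.
function findConcatenated(PDO $db, string $surname): array
{
    $sql = "SELECT id, surname FROM members WHERE surname = '" . $surname . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: the SQL text is fixed and the value is bound to a placeholder,
// so the database never parses the value as part of the statement.
function findPrepared(PDO $db, string $surname): array
{
    $stmt = $db->prepare('SELECT id, surname FROM members WHERE surname = :surname');
    $stmt->execute([':surname' => $surname]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample input: one plain surname, one containing an apostrophe.
foreach (['Smith', "O'Brien"] as $surname) {
    try {
        $n = count(findConcatenated($db, $surname));
        echo "concatenated  $surname: $n row(s)\n";
    } catch (PDOException $e) {
        // The apostrophe ends the string literal early and the rest of
        // the value is parsed as SQL, which is the root of injection.
        echo "concatenated  $surname: query broke (" . $e->getMessage() . ")\n";
    }
    $n = count(findPrepared($db, $surname));
    echo "prepared      $surname: $n row(s)\n";
}
```

The concatenated version fails on an ordinary surname with an apostrophe, while the prepared version returns the row for both inputs with two extra lines of code.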