Chris Shiflett's Blog:
The Unexpected SQL Injection
October 01, 2007 @ 08:47:00

Chris Shiflett points out an unexpected SQL injection possibility as presented by Alexander Andonov for PHP (involving mysql_real_escape_string).

The focus of the article is the importance of both filtering input and escaping output, since neither is a substitute for the other, and he makes the point very clearly with specific examples [...] A number of example exploits are supplied for each case, and he discusses which ones work, which ones don't, and why.

Chris also uses the post to link to Paul Reinheimer's post about addslashes versus mysql_escape_string and his own post on the same topic.
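The point that escaping and filtering are complementary is easiest to see with a query that does both wrong and both right side by side. The script below is an added illustration and is not code from Chris Shiflett's or Alexander Andonov's articles; escape_for_mysql() is a stand-in for mysql_real_escape_string() (which needs a live connection) that applies the same backslash escaping for a single-byte connection charset, and the users table, the id column and find_user() are assumed names.

```php
<?php
// Added illustration; not from the original articles. Runs from the CLI with no database.

// Stand-in for mysql_real_escape_string(): same characters, same backslash escaping,
// for a single-byte charset. Assumed equivalent only for the purposes of this demo.
function escape_for_mysql(string $value): string {
    return str_replace(
        ["\\", "\0", "\n", "\r", "'", "\"", "\x1a"],
        ["\\\\", "\\0", "\\n", "\\r", "\\'", "\\\"", "\\Z"],
        $value
    );
}

// Escaping only, value interpolated without quotes: escaping cannot help here,
// because there is no string literal for the escaped quotes to protect.
function query_escape_only(string $id): string {
    return "SELECT * FROM users WHERE id = " . escape_for_mysql($id);
}

// Escaping inside quotes: the escaped value stays inside one string literal.
function query_escape_quoted(string $id): string {
    return "SELECT * FROM users WHERE id = '" . escape_for_mysql($id) . "'";
}

// Filtering first: the value is rejected unless it is a plain non-negative integer,
// so nothing but digits ever reaches the query. Returns null for rejected input.
function query_filtered(string $id): ?string {
    if (!ctype_digit($id)) {
        return null;
    }
    return "SELECT * FROM users WHERE id = " . (int) $id;
}

// Prepared statement (PDO): the value never becomes part of the SQL text at all.
// Shown for comparison; not called below because it needs a live connection.
function find_user(PDO $pdo, string $id): ?array {
    if (!ctype_digit($id)) {          // still filter: the id must be an integer
        return null;
    }
    $stmt = $pdo->prepare("SELECT * FROM users WHERE id = :id");
    $stmt->execute([':id' => (int) $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample inputs: one legitimate id and one that is not an integer.
$inputs = ["42", "1 OR 1=1"];

foreach ($inputs as $input) {
    echo "input: " . var_export($input, true) . "\n";
    echo "  escape only   : " . query_escape_only($input) . "\n";
    echo "  escape+quotes : " . query_escape_quoted($input) . "\n";
    echo "  filtered      : " . (query_filtered($input) ?? "rejected by filter") . "\n";
}
```

For "42" all three builders produce the same harmless query. For the second input, query_escape_only() emits `SELECT * FROM users WHERE id = 1 OR 1=1` unchanged, because there is no quote character to escape; query_escape_quoted() keeps the text inside a string literal; and query_filtered() rejects it before any SQL is built. Filtering decides what values are acceptable, escaping (or a prepared statement) decides how an acceptable value is represented in the query, and dropping either one leaves a gap.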


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework