[nycphp-talk] Best practice for escaping data
Randal Rust
randalrust at gmail.com
Thu Feb 15 19:51:20 EST 2007
On 2/15/07, Chris Shiflett <shiflett at php.net> wrote:
> http://nyphp.org/phundamentals/storingretrieving.php
Thanks for the link, Chris. I have been looking over your PHP security
book, the PHP Cookbook and Programming PHP tonight to try to refresh
myself on this topic. This article will help immensely.
> As an aside, your filtering looks very lenient. What is the purpose of
> that particular function?
That function basically is supposed to only allow the characters that
are included in the regex. The more and more I look at it, the more
and more I realize that it's just been bad from the start.
--
Randal Rust
R.Squared Communications
www.r2communications.com