Old 24th June 2012, 20:31
Wuild
Quote:
Originally Posted by Bigjoos View Post
Aye, like djhowarth says: you will never, ever trust any user input on a site, no matter if it's from users or staff; to do otherwise is suicide. You ensure all user-supplied data is sanitized at $_POST or $_GET etc., you force numeric values to be numeric only, and you also sanitize every single MySQL query, be it a SELECT, UPDATE or INSERT. Follow those golden rules and you will have no problem. If you do not have such experience, use a framework like suggested, although I prefer to manually secure my work; that way I know what's coming in and what won't be.
All MySQL insertions and updates etc. are sanitized automatically through my MySQL class.

In this case it did not check the URL etc., but when it is updated in the user field it is sanitized. I could upload a copy of my MySQL class and you'll see for yourself.
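The two rules in the quoted post (force numeric values to be numeric, and keep every query from mixing user data with SQL text) are easiest to see side by side. The following is an added example written for this page; it is not Wuild's MySQL class or any code from the thread. It uses PDO with an in-memory SQLite table (constructed here so it runs offline; a MySQL DSN would work the same way), and the function names `validateId`, `validateUrl`, `findUserUnsafe`, `findUser` and `updateUrl` are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database so the example runs without a MySQL server.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, url TEXT)');
$db->exec("INSERT INTO users (id, username, url) VALUES (1, 'alice', 'https://example.org')");

/** "Force numeric values to be numeric only": reject anything that is not a positive integer. */
function validateId(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** A URL field is free text, so validate its shape and allow only http(s) schemes. */
function validateUrl(string $raw): ?string
{
    $url = filter_var(trim($raw), FILTER_VALIDATE_URL);
    if ($url === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Weak form, kept only for contrast: the raw value becomes part of the SQL
// text, so the database cannot tell user data from query structure.
function findUserUnsafe(PDO $db, string $id): ?array
{
    $row = $db->query("SELECT id, username, url FROM users WHERE id = $id")->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Hardened form: validate first, then bind. The SQL text is a fixed string and
// the value travels as a parameter, so it is never parsed as SQL.
function findUser(PDO $db, string $rawId): ?array
{
    $id = validateId($rawId);
    if ($id === null) {
        return null; // reject the request instead of guessing what was meant
    }
    $stmt = $db->prepare('SELECT id, username, url FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// The UPDATE path gets the same treatment as the SELECT path.
function updateUrl(PDO $db, string $rawId, string $rawUrl): bool
{
    $id  = validateId($rawId);
    $url = validateUrl($rawUrl);
    if ($id === null || $url === null) {
        return false;
    }
    $stmt = $db->prepare('UPDATE users SET url = :url WHERE id = :id');
    $stmt->execute([':url' => $url, ':id' => $id]);
    return $stmt->rowCount() === 1;
}

// Constructed request values; in a real handler they would come from $_GET / $_POST.
var_dump(findUser($db, '1'));                                 // row for alice
var_dump(findUser($db, '12abc'));                             // NULL: not an integer
var_dump(updateUrl($db, '1', 'not a url'));                   // false: fails validateUrl
var_dump(updateUrl($db, '1', 'https://example.net/profile')); // true
var_dump(findUser($db, '1'));                                 // row now carries the new URL
```

The point of the split between `validateId`/`validateUrl` and the query functions is that validation decides whether a value is acceptable at all, while the bound parameter guarantees that whatever reaches the database is treated as data. Escaping inside a wrapper class only covers the second job, and only for the queries that actually go through the wrapper, which is exactly the gap the post describes for the unchecked URL.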