| From: | Michelle Konzack <linux4michelle(at)freenet(dot)de> |
|---|---|
| To: | pgsql-php(at)postgresql(dot)org |
| Subject: | Re: postgreSQL web form; Security |
| Date: | 2003-07-19 11:06:32 |
| Message-ID: | 3.0.6.16.20030719130632.0bf78806@pop3.01019freenet.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-php |
Hello Adrian,
Am 10:53 2003-07-19 +0200 hat Adrian Tineo geschrieben:
>What I do is verify all user input ($_GET and $_POST array) and not allow
>certain characters, most importantly ";". If they can't put a ";" they
can't
>close a query and they can't do SQL injection.
How do you do that ?
With a Java-Script in the WebPage ?
or
On the Server-Side ?
I think, we must use all two, the first one to prevent to much work
on the Server-Side and the second one if someone hack the input field
or use Commandline to access the URL.
Hmm, have no clue how to check it with Java-Script...
Does anyone have a small GPL'ed code for it ?
(I do not code Java-Script)
Thanks
Michelle
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christopher Kings-Lynne | 2003-07-21 03:25:49 | Re: phpPgAdmin 2.4.2 |
| Previous Message | Adrian Tineo | 2003-07-19 08:53:04 | Re: postgreSQL web form; Security |