Tugger the SLUGger! SLUG Mailing List Archives

Re: [SLUG] hacking at php: how to set a variable

Rich Buggy wrote:

While you're redeveloping you should also read about Cross-site
Scripting and why you should escape user input before sending it back to
the browser.


On Sun, 2007-12-30 at 21:29 +1100, Voytek Eymont wrote:
On Sun, December 30, 2007 8:46 am, Peter Rundle wrote:

BTW this style of SQL that you've written is at risk of SQL injection.

thanks, Peter

as it is, this website is pending redevelopment, and, there is less than
200 ppl that can access the actual site, it was a custom written CMS, I
just hack some alterations once in a while

Isn't PHP fun?


Rick Welykochy || Praxis Services

No passion so effectually robs the mind of all its powers of acting
and reasoning as fear.
    -- Edmund Burke