Thread: Secure Coding
19-07-2010, 12:28   #13
Damien
Re: Secure Coding

Quote:
Originally Posted by punky
Sanitising input can mean almost anything but usually it means escaping characters. This means it converts ' to \' so the query remains safe to be executed by MySQL.

It's de-escaped (either automatically or manually, I can't remember now, it's been a while) when it's retrieved back onto the page.
Thought you meant that. Surely some of the bigger layers support actual parametrisation?
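The difference between the escaping described in the quote and the parametrisation asked about in the reply, as an added example that is not part of the thread. It assumes Python's built-in sqlite3 as a stand-in for MySQL, so the hypothetical `escape()` helper doubles the quote (SQLite's form) where MySQL would use `\'`; the table, data and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, in-memory so the example runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (id, name) VALUES (?, ?)",
                   [(1, "alice"), (2, "o'brien"), (3, "carol")])
    return db

def escape(value):
    # Hypothetical stand-in for quote escaping. SQLite escapes ' by doubling
    # it; MySQL's \' form from the post plays the same role there.
    return value.replace("'", "''")

def by_name_escaped(db, name):
    # Escaped value inside a quoted string literal: the input's quote
    # cannot close the literal, so it stays data.
    sql = "SELECT id FROM users WHERE name = '" + escape(name) + "'"
    return sorted(r[0] for r in db.execute(sql))

def by_id_escaped(db, user_id):
    # Escaped value in an unquoted numeric position: there is no quote to
    # escape, so the input is still parsed as part of the SQL statement.
    sql = "SELECT id FROM users WHERE id = " + escape(user_id)
    return sorted(r[0] for r in db.execute(sql))

def by_name_param(db, name):
    # Parameterised: the value is bound separately from the statement text.
    rows = db.execute("SELECT id FROM users WHERE name = ?", (name,))
    return sorted(r[0] for r in rows)

def by_id_param(db, user_id):
    rows = db.execute("SELECT id FROM users WHERE id = ?", (user_id,))
    return sorted(r[0] for r in rows)

if __name__ == "__main__":
    db = make_db()
    print(by_name_escaped(db, "o'brien"))       # escaping holds in a string
    print(by_id_escaped(db, "1 OR 1=1"))        # escaping does nothing here
    print(by_id_param(db, "1 OR 1=1"))          # bound value matches no row
    print(by_name_param(db, "o'brien"))         # no escaping step needed
```

With a bound parameter there is also nothing to de-escape when the value is read back, because the stored value was never altered.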