WebApp Sec mailing list archives
Re: Anyone have some basic security tips for PHP-programmers?
From: tim () xi co nz
Date: Fri, 21 Nov 2003 09:53:46 +1300
1. This is essentially what magic-quotes does
http://www.php.net/manual/en/ref.info.php#ini.magic-quotes-gpc
If your server doesn't have this enabled, you can enable it with .htaccess for your webarea only.
From my point of view, magic_quotes is a bad idea, because it can't possibly cover every way data can enter your script, and it's counterproductive when you want to do other things with that data. Look at the number of php-based apps that end up displaying \' back to the user instead of '.

I prefer turning magic_quotes off, and when building SQL, explicitly escaping each included string. It's a little more work, but you can guarantee your SQL safe.

There's no general way to sanitize strings - if you're inserting them into a database you want to treat them differently to if you're logging them or displaying them back or sending them via xml or whatever.

--
Tim Oliver
tim () e2-media co nz
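
The per-destination handling described in the message above, as an added example that is not part of the original post: one constructed input value is encoded separately for SQL, HTML, XML and a log line, next to the blanket addslashes() treatment that magic_quotes_gpc applied. The function names are hypothetical, and an in-memory SQLite connection through PDO is assumed only so that PDO::quote() has a driver to escape for.

```php
<?php
// Added example: one untrusted string, four destinations, four encodings.
// Function names are hypothetical; $input is constructed sample data.

function for_sql(PDO $db, string $s): string {
    // Explicit per-string escaping, as the post describes. PDO::quote()
    // adds the surrounding quotes and escapes for the connected driver.
    return $db->quote($s);
}

function for_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function for_xml(string $s): string {
    return htmlspecialchars($s, ENT_XML1 | ENT_QUOTES, 'UTF-8');
}

function for_log(string $s): string {
    // Turn control characters (and the backslash itself) into visible
    // escapes so a value cannot start a forged log line.
    return addcslashes($s, "\0..\37\177\\");
}

$input = "O'Brien <b>\r\nfake entry";   // constructed sample value
$db = new PDO('sqlite::memory:');       // assumption: pdo_sqlite is available

// What magic_quotes_gpc did to every request value before the script ran.
// The backslash is not what SQLite expects (it doubles the quote), and it
// survives HTML encoding, which is how \' ends up shown to the user.
$blanket = addslashes($input);
echo "magic_quotes, then HTML: ", for_html($blanket), "\n\n";

// The same raw value, encoded only at the point of use.
echo "SQL : SELECT id FROM users WHERE name = ", for_sql($db, $input), "\n";
echo "HTML: <p>", for_html($input), "</p>\n";
echo "XML : <name>", for_xml($input), "</name>\n";
echo "LOG : login failed for ", for_log($input), "\n";
```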