[swx] swx php and sql injection
Aral Balkan
aral at aralbalkan.com
Wed Jun 11 11:13:22 PDT 2008
SWX checks its bits (i.e., it checks that only valid JSON is passed) but it
doesn't check your bits.
I debated whether to include a few injection checks but decided that it
would complicate things further and that it was the wrong layer to be
implementing that on.
So escape everything from the user before storing/displaying it and you
should be fine.
Aral
On Wed, Jun 11, 2008 at 1:51 PM, Paul Bainbridge <
forums at innovativedesigns.org.uk> wrote:
> Hi guys,
>
> I don't know enough about either so I hope someone here can give a definite
> yes/no.
>
> Would my scripts still be open for attack via SQL injection?
> I only started reading up on SQL injection today.
>
> Thanks
> Paul
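What escaping at the service layer can look like, as an added example that is not part of the original thread or of SWX itself: for storage it uses PDO bound parameters in place of manual escaping, and for display it uses `htmlspecialchars`. The `Guestbook` class, its method names and the table are hypothetical, and the example assumes SWX PHP calls a service class's public methods with the JSON-decoded arguments as parameters.

```php
<?php
// Hypothetical SWX PHP service class (names are assumptions, not SWX code).
// Assumption: the gateway passes JSON-decoded arguments as method parameters.
class Guestbook
{
    private $db;

    public function __construct()
    {
        // In-memory SQLite keeps the example self-contained.
        $this->db = new PDO('sqlite::memory:');
        $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $this->db->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY, name TEXT, message TEXT)');
    }

    // Storing: bound parameters keep user text out of the SQL grammar.
    public function addEntry($name, $message)
    {
        // Valid JSON can still carry arrays, numbers or oversized strings.
        if (!is_string($name) || !is_string($message) || strlen($name) > 64) {
            return false;
        }
        $stmt = $this->db->prepare('INSERT INTO entries (name, message) VALUES (:name, :message)');
        $stmt->execute(array(':name' => $name, ':message' => $message));
        return true;
    }

    // Rows are returned as stored; escaping happens where they are displayed.
    public function listEntries()
    {
        return $this->db->query('SELECT name, message FROM entries ORDER BY id')->fetchAll(PDO::FETCH_ASSOC);
    }

    // Displaying: encode for the HTML context at output time.
    public function renderHtml()
    {
        $out = '';
        foreach ($this->listEntries() as $row) {
            $out .= '<p><b>' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . '</b>: '
                  . htmlspecialchars($row['message'], ENT_QUOTES, 'UTF-8') . "</p>\n";
        }
        return $out;
    }
}

// Constructed sample input: both values pass SWX's JSON check unchanged.
$book = new Guestbook();
$book->addEntry("O'Brien", "x'); DROP TABLE entries; --");
$book->addEntry('<script>alert(1)</script>', 'hello');
echo $book->renderHtml();
```

Both sample entries are stored literally and come back as inert text in the rendered HTML; the `entries` table is still intact after the calls.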