Re: injection scanner
msg# 1.3
Interesting, I think, too, but then you will have to keep updating the list when new methods are found.
Personally I think the whitelist approach is best of all. Only allow what you want to allow, and prevent anything else.
Gijoe's approach with this new DB layer is excellent IMO.
I was also looking into a DB layer as well for icms, with the idea of better filtering and making better use of mysql_real_escape_string() instead of having all the addslashes() stripslashes() all over the place, as well as SQL prepared statements instead of the current methods, and other filters such as PHP 5's native filter_var() & filter_input(), etc.
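The whitelist-plus-prepared-statement approach discussed in the post above, as an added example that is not part of the original post or of the project it mentions. It assumes PDO with the SQLite driver (standing in for MySQL so it runs offline); the `posts` table, `SORT_COLUMNS` and `findPosts()` are hypothetical names.

```php
<?php
// Added example: allow-list validation with filter_var() plus a prepared
// statement, in place of addslashes()/stripslashes(). All names are hypothetical.

// Columns a caller may sort by. Identifiers cannot be bound as parameters,
// so they are checked against a fixed allow-list instead of being escaped.
const SORT_COLUMNS = ['title', 'created'];

function findPosts(PDO $db, $rawUid, $rawSort, $rawTitle): array
{
    // Allow-list validation: accept only what is expected, reject the rest.
    $uid = filter_var($rawUid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($uid === false) {
        throw new InvalidArgumentException('uid must be a positive integer');
    }
    if (!in_array($rawSort, SORT_COLUMNS, true)) {
        throw new InvalidArgumentException('unknown sort column');
    }
    // Values travel as bound parameters, never as part of the SQL text.
    $stmt = $db->prepare(
        "SELECT id, title FROM posts WHERE uid = :uid AND title LIKE :t ORDER BY $rawSort"
    );
    $stmt->bindValue(':uid', $uid, PDO::PARAM_INT);
    $stmt->bindValue(':t', '%' . $rawTitle . '%', PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, uid INTEGER, title TEXT, created TEXT)');
$ins = $db->prepare('INSERT INTO posts (uid, title, created) VALUES (?, ?, ?)');
$ins->execute([1, "O'Reilly review", '2009-01-02']);
$ins->execute([1, 'Hello', '2009-01-01']);
$ins->execute([2, 'Other user', '2009-01-03']);

// A quote inside a value needs no addslashes(): it is data, not SQL.
print_r(findPosts($db, '1', 'title', "O'R"));

// Constructed malformed inputs are rejected by the allow-list checks.
foreach ([['1 OR 1=1', 'title'], ['1', 'title; DROP TABLE posts']] as [$uid, $sort]) {
    try {
        findPosts($db, $uid, $sort, '');
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```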