Quote:
|
A common (yet very unknown) flaw is the use of MySQL Injection.
|
Quote:
I've created a filter script that will cancel out any quotes or other things the user tries to enter.
function apiFilter($filterString)
{
    $filterString = trim($filterString);              // drop leading/trailing whitespace
    $filterString = strip_tags($filterString);        // remove HTML/PHP tags
    $filterString = htmlspecialchars($filterString);  // encode & < > " as HTML entities (output encoding applied at input time)
    // check for magic_quotes prior to adding more slashes;
    // get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in PHP 8.0,
    // so guard the call or the function fatals on current releases
    if ( !function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc() )
        $filterString = addslashes($filterString);    // backslash-escape ' " \ and NUL
    // note: addslashes() is not charset-aware and only matters inside a quoted SQL literal;
    // it is not a substitute for prepared statements
    return $filterString;
}
|
Your tutorials are very nice, knowledgeable, well-written, all that stuff. Nevertheless, you are leading novices to believe you have discovered or invented things that you have neither discovered nor invented. That's not nice.
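The quoted filter relies on addslashes() to stop injection. A caveat worth seeing in working code: backslash escaping only helps when the value lands inside a quoted string literal; spliced into an unquoted numeric position (a very common pattern like WHERE id = $id) it changes nothing, because a payload such as 1 OR 1=1 contains no quotes to escape. The example below is added here and is not code from the quoted tutorial or from the reply author. It re-implements addslashes() semantics in Python, builds a constructed in-memory SQLite table, and contrasts string splicing of the "filtered" value with a parameterized query. SQLite is used only because it runs offline; it does not honour backslash escapes in string literals (MySQL does), which is why the example sticks to the numeric case, where the two databases behave the same.

```python
import sqlite3


def php_addslashes(s: str) -> str:
    """Re-implementation of PHP addslashes(): backslash before ' " \\ and NUL."""
    out = []
    for ch in s:
        if ch in ("'", '"', "\\"):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\0")
        else:
            out.append(ch)
    return "".join(out)


def make_db() -> sqlite3.Connection:
    """Constructed sample data: three users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")],
    )
    return conn


def lookup_filtered(conn: sqlite3.Connection, user_id: str) -> list:
    """Mirrors the quoted approach: escape the value, then splice it into an
    unquoted numeric position. addslashes() has nothing to escape in
    '1 OR 1=1', so the WHERE clause is rewritten by the attacker."""
    safe = php_addslashes(user_id)
    sql = f"SELECT name FROM users WHERE id = {safe} ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, user_id: str) -> list:
    """Bind the value instead of splicing it: the whole string is compared
    against id as data, so '1 OR 1=1' matches no row."""
    rows = conn.execute(
        "SELECT name FROM users WHERE id = ? ORDER BY id", (user_id,)
    )
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    for value in ("2", "1 OR 1=1"):
        print(f"{value!r}: filtered={lookup_filtered(db, value)} "
              f"parameterized={lookup_parameterized(db, value)}")
```

Run stand-alone, the script shows that the escaped-then-spliced query returns every user for the input 1 OR 1=1 while the bound parameter returns none; for the benign input 2 both paths return bob. The lesson the filter misses is that escaping is context-dependent, whereas parameter binding keeps data out of the query grammar regardless of context.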