Re: postgreSQL web form; Security - Mailing list pgsql-php

From Michelle Konzack
Subject Re: postgreSQL web form; Security
Date
Msg-id 3.0.6.16.20030719130632.0bf78806@pop3.01019freenet.de
In response to Re: postgreSQL web form; Security  ("Adrian Tineo" <adriantineo@softhome.net>)
List pgsql-php
Hello Adrian,


At 10:53 2003-07-19 +0200, Adrian Tineo wrote:

>What I do is verify all user input ($_GET and $_POST array) and not allow
>certain characters, most importantly ";". If they can't put a ";" they
>can't close a query and they can't do SQL injection.

How do you do that?

With JavaScript in the web page?
or
On the server side?

I think we must use both: the first one to prevent too much work
on the server side, and the second one in case someone hacks the input field
or uses the command line to access the URL.

Hmm, I have no clue how to check it with JavaScript...

Does anyone have some small GPL'ed code for it?
(I do not code JavaScript.)

Thanks
Michelle
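
A browser-side version of the character check asked about in this message, as an added example that is not from the thread; the function names, the `report` callback and the contents of `FORBIDDEN` are assumptions. It only saves honest users a round trip: a request sent without the page never runs it, so the server has to repeat the check.

```javascript
// Added example; names and the forbidden list are assumptions, not from the thread.
// ";" is the character named in the quoted message; extend the list as needed.
const FORBIDDEN = [';'];

// Scan a plain object of field values; return one entry per forbidden character found.
function findForbidden(fields, forbidden = FORBIDDEN) {
  const problems = [];
  for (const [field, value] of Object.entries(fields)) {
    for (const ch of forbidden) {
      const index = String(value).indexOf(ch);
      if (index !== -1) problems.push({ field, char: ch, index });
    }
  }
  return problems;
}

// Collect name/value pairs from a form's controls, skipping unnamed ones and buttons.
function formValues(form) {
  const values = {};
  for (const el of Array.from(form.elements)) {
    if (el.name && el.type !== 'submit' && el.type !== 'button') {
      values[el.name] = el.value;
    }
  }
  return values;
}

// Block submission when a field contains a forbidden character and hand the
// problems to `report` (for example, to show a message next to each field).
function guardForm(form, report) {
  form.addEventListener('submit', (event) => {
    const problems = findForbidden(formValues(form));
    if (problems.length > 0) {
      event.preventDefault();
      report(problems);
    }
  });
}

// In the page: guardForm(document.forms[0], (p) => alert('Not allowed: ' + p[0].char));
```

On the server, the PHP that receives `$_GET` and `$_POST` must apply the same check, and passing values as query parameters (`pg_query_params`) instead of concatenating them keeps input out of the SQL text whatever characters it contains.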

