Old 04-20-2008, 03:18 PM  
jimbona
Confirmed User
 
Join Date: Jan 2007
Posts: 190
Still not really secure, you've just thrown in an auto convert of the _GET and _POST to local vars, which will still be incorrect as you clean them once with the get_magic_quotes_gpc() check, then use the initial raw data to do the mysql_real_escape_string() clean.

But then, if the value is an integer, it's not cleaned at all, so the raw data is still flowing through.

Make use of (int) or intval() if you know the variable you want HAS to be an integer.
__________________
Thanks
Paul
Thunder-Ball.net - Member
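As an added example, not code from the post or from the thread's original snippet: the script below models the two problems described above (normalising a copy of the input but escaping the raw value, and letting integer-looking input through unescaped) next to the (int)/intval() fix. It assumes the legacy mysql_* era the thread is about; since mysql_real_escape_string() needs a live connection, sql_escape() is a stand-in so the script runs offline, and all function names and sample inputs are constructed for illustration.

```php
<?php
// Added example, not from the thread. Models the defects described in the
// post and the integer-cast fix. sql_escape() is a stand-in for
// mysql_real_escape_string() so the script runs without a database.

function sql_escape($value) {
    // Stand-in only: addslashes() is not charset-aware and is not a
    // substitute for mysql_real_escape_string() in real code.
    return addslashes($value);
}

function undo_magic_quotes($raw) {
    // get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in 8.0;
    // the guard lets this run on any version.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return stripslashes($raw);
    }
    return $raw;
}

// The pattern the post criticises: the normalised copy is computed but the
// escape is applied to the original raw value, and anything that looks like
// a number is returned untouched.
function broken_clean($raw) {
    $local = undo_magic_quotes($raw);   // computed, then never used
    if (is_numeric($raw)) {
        return $raw;                    // "integer" path: no cleaning at all
    }
    return sql_escape($raw);            // escapes $raw, not $local
}

// Corrected handling: decide the expected type first. A value that HAS to be
// an integer is coerced with (int) (intval() is equivalent); a string is
// normalised once and the normalised value is what gets escaped.
function clean_int($raw) {
    return (int) $raw;
}

function clean_string($raw) {
    return sql_escape(undo_magic_quotes($raw));
}

// Builds the same lookup query through either path, for comparison.
function build_lookup($id_raw, $name_raw, $use_fix) {
    if ($use_fix) {
        $id   = clean_int($id_raw);
        $name = clean_string($name_raw);
    } else {
        $id   = broken_clean($id_raw);
        $name = broken_clean($name_raw);
    }
    return "SELECT * FROM users WHERE id = $id AND name = '$name'";
}

// Constructed sample inputs standing in for $_GET values.
$samples = array(
    array('id' => '42',    'name' => "O'Brien"),
    array('id' => '42abc', 'name' => "O'Brien"),  // not numeric: escaped as text, still not an int
    array('id' => ' 42',   'name' => 'plain'),    // is_numeric() accepts leading space: passes raw
);

foreach ($samples as $s) {
    echo "raw  : ", build_lookup($s['id'], $s['name'], false), "\n";
    echo "fixed: ", build_lookup($s['id'], $s['name'], true), "\n\n";
}
```

Run with `php example.php` and compare the two query strings per sample: the fixed path always emits a bare integer for `id`, whereas the broken path hands whatever arrived through to the query, which is exactly the "raw data still flowing through" the post describes.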