[FX.php List] PCI Compliance for FMS and OS X Server

Malcolm Fitzgerald malcolm at notyourhomework.net
Thu Jun 27 07:54:44 MDT 2013


On 27/06/2013, at 11:35 PM, Bob Patin wrote:
> I hired a consultant to help me go through my code, and after spending a grand on him (I won't mention the company by name, but we all know it extremely well), I saw that the ONLY thing he did was to add this to every $_POST:
> 
> htmlspecialchars($_POST['myvar'])
Cleansing your input is a must. If that's what they did you've spent the money well. You're better off than you were before they visited.

malcolm
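An added example, not code from either poster: applying htmlspecialchars() across a whole $_POST payload the way the consultant's edit did, but covering two things a bare one-line call misses: nested arrays (PHP builds them from field names like items[], and htmlspecialchars() will not accept an array) and single quotes (left untouched unless ENT_QUOTES is passed, which only became the default in PHP 8.1). The function name escape_post and the sample input are assumptions for the example; the escaping is what matters when the value is later echoed into HTML.

```php
<?php
// Added example (not from the list post). Escapes every scalar in a
// $_POST-shaped array so it can be echoed into HTML safely.
function escape_post(array $data): array
{
    $clean = [];
    foreach ($data as $key => $value) {
        if (is_array($value)) {
            // Field names like items[] arrive as nested arrays; recurse.
            $clean[$key] = escape_post($value);
        } else {
            // ENT_QUOTES: escape both " and ' (not the default before PHP 8.1).
            // ENT_SUBSTITUTE: replace invalid UTF-8 instead of returning ''.
            $clean[$key] = htmlspecialchars(
                (string) $value,
                ENT_QUOTES | ENT_SUBSTITUTE,
                'UTF-8'
            );
        }
    }
    return $clean;
}

// Constructed sample input standing in for $_POST.
$post = [
    'myvar' => '<script>alert("x")</script>',
    'name'  => "O'Brien & Sons",
    'items' => ['<b>one</b>', 'two'],
];

foreach (escape_post($post) as $k => $v) {
    echo $k, ' => ', is_array($v) ? implode(', ', $v) : $v, PHP_EOL;
}
```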