[FX.php List] [OFF] Filemaker Web Security?
Troy Meyers
tcmeyers at troymeyers.com
Fri Sep 5 13:38:04 MDT 2008
Joel,
Thanks for the acknowledgment. Yes, testing with the two characters "* is a shocker!
-Troy
> Whoa, thanks Troy!
>
> I know this list has bandied about on using double-equal '==' and
> quotes, a la:
>
> '=="'.$_POST['user_name'].'"'
>
> as safe for logins, but read Troy's last line (below). Then try
> entering a valid username and then "* (double-quote asterisk) as the
> password on a site where you've used that structure!
>
> It seems using preg_replace() at LEAST to strip double-quotes is
> really necessary after all!
>
> Thanks Troy,
>
> -Joel
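
The double-quote handling discussed in this thread, as an added example that is not part of either message: a PHP helper that builds the `==` criterion and refuses the login when the submitted value contains a double quote, instead of searching for an altered string. The helper names, the `password` field name, the length limit and the backslash handling are assumptions of this example.

```php
<?php
// Added example, not code from the thread. Helper names are hypothetical.

/**
 * Turn an untrusted form value into an exact-match find criterion.
 * Returns null when the value should never reach the database.
 */
function fm_exact_criterion($value, int $maxLen = 128): ?string
{
    // Reject arrays (user_name[]=x), empty strings and over-long values.
    if (!is_string($value) || $value === '' || strlen($value) > $maxLen) {
        return null;
    }
    // Strip double quotes, as the thread suggests. Backslash is stripped too;
    // that part is this example's assumption, not something the thread states.
    $clean = preg_replace('/["\\\\]/', '', $value);
    // If stripping changed the value, the input tried to leave the quoted
    // phrase: fail closed rather than search for a different string.
    if ($clean === null || $clean !== $value) {
        return null;
    }
    return '=="' . $clean . '"';
}

/** Build both login criteria, or null if either field is rejected. */
function fm_login_criteria(array $post): ?array
{
    $user = fm_exact_criterion($post['user_name'] ?? '');
    $pass = fm_exact_criterion($post['password'] ?? '');   // field name assumed
    if ($user === null || $pass === null) {
        return null;
    }
    return ['user_name' => $user, 'password' => $pass];
}

// Constructed sample submissions.
$samples = [
    ['user_name' => 'jsmith', 'password' => 'correct horse'],
    ['user_name' => 'jsmith', 'password' => '"*'],   // the test input from the thread
];
foreach ($samples as $post) {
    $c = fm_login_criteria($post);
    echo $c === null ? "rejected\n" : "{$c['user_name']} / {$c['password']}\n";
}
```

When `fm_login_criteria()` returns null, the caller should show the normal failed-login response without running the find.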