http://www.paulgarvin.net/blog/posts/84 A blog about autocrossing, some geeky stuff & Philadelphia. Mon, 16 Nov 2009 15:49:25 +0000 http://wordpress.org/?v=2.9.2 hourly 1 http://www.paulgarvin.net/blog/posts/84/comment-page-1#comment-203 Paul Fri, 14 Aug 2009 17:08:40 +0000 http://www.paulgarvin.net/blog/?p=84#comment-203 Yes, validating input from a web form, but could be applied to accepting input from an RPC-XML or Json API. PHP doesn't have a taint mode. There is an RFC for putting it into 5.4/6.0. You are right about teh bound SQL params. That does give you protection against SQL injection. Yes, validating input from a web form, but could be applied to accepting input from an RPC-XML or Json API. PHP doesn’t have a taint mode. There is an RFC for putting it into 5.4/6.0. You are right about teh bound SQL params. That does give you protection against SQL injection.

]]> http://www.paulgarvin.net/blog/posts/84/comment-page-1#comment-202 shinronin Thu, 13 Aug 2009 14:24:11 +0000 http://www.paulgarvin.net/blog/?p=84#comment-202 hey paul, are we talking about validating input from a web form prior to insertion into a db? does PHP have a taint mode? if so, that plus bind params are pretty robust security measures. hey paul, are we talking about validating input from a web form prior to insertion into a db? does PHP have a taint mode? if so, that plus bind params are pretty robust security measures.

]]>