Jump to content

Vicne

Members
  • Content Count

    1
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Vicne

  • Rank
    Newbie
  1. Hi, I think the page about PHP form validation should make clear that validation issues depend on the context and that the proposed validation (the "test_input" function at the end) only protects against rogue URLs. Indeed, I just found a rather popular page in IoT community that uses that exact function for values to be inserted in a database. Unfortunately, if I'm not mistaken, the test_input function does nothing to prevent SQL injection (a value like "1';drop table SensorData;" would happily pass through test_input) and, to the contrary, would modify perfectly valid SQL string va
×
×
  • Create New...