[Gllug] unicode and cross site scripting vulnerabilities
Mark Preston
mark at markpreston.co.uk
Tue Feb 26 19:22:06 UTC 2002
Sean Burlington <gllug at uncertainty.org.uk> wrote:
"I know I'm not the first person to deal with this - but I don't seem to be
able to find any good resources for this issue.
Any advice/pointers much appreciated."
Hi Sean,
Try http://www.cert.org/tech_tips/malicious_code_mitigation.html/ for an overview.
As Tet states, for PHP

$NAME = addslashes($NAME);    // addslashes() prefixes ' " \ and NUL bytes with a backslash
$EMAIL = addslashes($EMAIL);
etc.

will filter out (by adding a previous backslash) any occurrences of a single
quote, a backslash, or a NULL character - a disaster for SQL syntax.
Rgds from Mark Preston
www.markpreston.co.uk
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
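Added here as an illustration (not part of Mark's reply or of the CERT note): what addslashes() actually changes in a value, set beside the HTML-context encoding and the prepared statement a defender would use for the two different output contexts. It assumes PHP 7.4 or later with the pdo_sqlite extension; the input value is constructed.

```php
<?php
// Added example, not code from the original post. Run with: php example.php

// Constructed sample input: a name containing a quote, a backslash and HTML.
$name = "O'Brien \\ <script>alert(1)</script>";

// addslashes() prefixes ' " \ and NUL with a backslash. That targets SQL
// string literals; the angle brackets and the tag are left untouched, so the
// value is still dangerous once written into an HTML page.
$escaped = addslashes($name);
echo "addslashes:       ", $escaped, "\n";

// For output into an HTML page, encode for the HTML context instead.
// ENT_QUOTES also encodes the single quote; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences rather than returning an empty string for the whole value.
function html_text(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
echo "htmlspecialchars: ", html_text($name), "\n";

// The same value inside an attribute: keep the attribute quoted in the
// markup and encode with the same function.
echo '<input name="who" value="', html_text($name), "\">\n";

// For SQL, bind the value with a prepared statement so it never reaches the
// SQL parser as syntax; no escaping function is needed and the stored value
// is exact. PDO with an in-memory SQLite database so this runs offline.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE people (name TEXT)');
$stmt = $db->prepare('INSERT INTO people (name) VALUES (:name)');
$stmt->execute([':name' => $name]);
$row = $db->query('SELECT name FROM people')->fetch(PDO::FETCH_ASSOC);
echo "stored verbatim:  ", $row['name'], "\n";
```

The three outputs make the point of the thread concrete: addslashes() changes only the quote and backslash, htmlspecialchars() is what neutralises the tag for the browser, and the bound parameter needs neither.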