Kilandor
There isn't, but if you want you can post your code.
There are two things to worry about when coding:

1. SQL injections
2. Malicious HTML/JS injections

The first is simple to combat.

SQL injections

This can happen by using unfiltered data that can come from a user (POST/GET) in a SQL query.

1. sed_import any variables from POST/GET.
2. In the query, if you have an integer, place (int) before the variable, e.g. (int)$id. This cannot be directly inside quotes.
3. Anything else that's not an integer, IF it comes from possible user input, should be run through sed_sql_prep(), e.g. sed_sql_prep($text). If you know the data is secure, coming from something internal that can't be changed, then you can skip using it, but if you're unsure, it never hurts to use it anyway.

The second: HTML/JS injections

This can happen by not filtering user input that's placed directly into HTML.

1. sed_import any variables from POST/GET.
2. Before outputting any data into HTML (such as out through echo, or tags), run it through sed_cc, e.g. sed_cc($text).

If you follow those it should be just fine, but when you're done you can post it up and I'm sure someone would likely check it for you.
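The two rule sets above, carried through in one piece of plugin-style code. This is an added example, not code from the post or from Seditio itself. It assumes the Seditio core (functions.php, which defines sed_import, sed_sql_prep, sed_cc, sed_sql_query and sed_sql_fetchassoc) is already loaded, as it is inside a plugin hook; the table $db_notes, its columns and the request parameter names are hypothetical. The commented-out block at the top shows the unsafe pattern the rules exist to replace.

```php
<?php
// Added example, not from the original post or from Seditio.
// Assumes the Seditio core (functions.php) is loaded, e.g. inside a plugin hook.
// $db_notes and its columns note_id, note_title, note_text are hypothetical.

defined('SED_CODE') or die('Wrong URL.');

// --- Unsafe pattern: raw request data straight into SQL and into HTML ---
// $id    = $_GET['id'];       // ?id=1 OR 1=1 changes the WHERE clause
// $title = $_POST['title'];   // title=<script>...</script> is stored, then replayed
// $sql = sed_sql_query("SELECT note_text FROM $db_notes WHERE note_id = '$id'");
// echo "<h2>$title</h2>";

// --- Hardened version, following the rules in the post ---

// Rule 1 (both lists): pull every request variable through sed_import.
// 'G' reads $_GET, 'P' reads $_POST; the third argument is the filter name.
// Values that fail the filter do not come back as the raw user string.
$id    = sed_import('id', 'G', 'INT');
$title = sed_import('title', 'P', 'TXT');

// Rule 2 (SQL): integers are cast with (int) and are NOT wrapped in quotes.
// An unquoted (int) can only ever contribute digits (or a leading minus sign)
// to the query, so there is nothing for an attacker to break out of.
$sql = sed_sql_query("SELECT note_title, note_text FROM $db_notes
    WHERE note_id = ".(int)$id);

// Rule 3 (SQL): anything non-numeric that came from a user goes through
// sed_sql_prep() before it is placed inside quotes in a query.
// The cast on $id is repeated here on purpose: it costs nothing and keeps the
// query safe even if the variable is later assigned from somewhere else.
if (!empty($title))
{
    sed_sql_query("UPDATE $db_notes
        SET note_title = '".sed_sql_prep($title)."'
        WHERE note_id = ".(int)$id);
}

// Rule 2 (HTML/JS): data read back from the database is still user-supplied,
// so it goes through sed_cc() before it is echoed or dropped into a template tag.
// sed_cc() turns <, >, " and & into entities, so stored markup renders as text
// instead of executing.
while ($row = sed_sql_fetchassoc($sql))
{
    echo '<h2>'.sed_cc($row['note_title']).'</h2>';
    echo '<p>'.sed_cc($row['note_text']).'</p>';
}
```

Two points worth noticing: sed_cc() is applied at output time, not when the value is stored, so the database keeps the user's original text and every place that prints it is protected independently; and the (int) cast is used even though sed_import already applied the INT filter, because the cast is what guarantees the unquoted value in the SQL string is numeric no matter where $id came from.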