[thelist] PHP tip

Paul Bennett paul at teltest.com
Tue Feb 4 13:14:01 CST 2003


Rob Whitener wrote:

>I do hide all of my database connection information in an include file.
>Users don't have to know the name of the database, they just connect.  This
>is probably not in any way, shape or form secure, but how do you get around
>it?  Force logons for everything?
>
No, all you need to do is use server-side code to thoroughly check all
your posted vars BEFORE even touching the database with them. You cannot
count on JavaScript to protect you because it can be turned off. Simply
use it as an enhancement to existing server-side security.

--
Paul Bennett
Internet Developer
Teltest Electronic Design
--------------------------
Phone : 64 4 237 0767
Web : http://www.teltest.com
Wap : http://wap.teltest.com
Email : paul at teltest.com
--------------------------
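
The server-side check described in the reply above, as an added example that is not part of the original message. The field names, rules and sample input are hypothetical, it assumes the pdo_sqlite extension is available, and the prepared statement is an addition beyond the check the reply describes.

```php
<?php
declare(strict_types=1);
// Hypothetical form fields; each one gets an explicit server-side rule.
const RULES = [
    'username' => '/\A[a-z0-9_]{3,20}\z/i',
    'age'      => '/\A[0-9]{1,3}\z/',
    'email'    => null, // validated with filter_var() instead of a regex
];
// Returns [clean values, errors]. Nothing in here talks to the database.
function validate_post(array $post): array
{
    $clean = $errors = [];
    foreach (array_keys(array_diff_key($post, RULES)) as $name) {
        $errors[] = "unexpected field: $name";
    }
    foreach (RULES as $name => $pattern) {
        $value = $post[$name] ?? null;
        if (!is_string($value)) { // missing, or an array such as age[]=1
            $errors[] = "missing or non-string field: $name";
            continue;
        }
        $value = trim($value);
        $ok = $pattern === null
            ? filter_var($value, FILTER_VALIDATE_EMAIL) !== false
            : preg_match($pattern, $value) === 1;
        if ($ok) {
            $clean[$name] = $value;
        } else {
            $errors[] = "invalid value for: $name";
        }
    }
    return [$clean, $errors];
}
// Constructed sample input standing in for $_POST.
$samples = [
    ['username' => 'rob_w', 'age' => '34', 'email' => 'rob@example.com'],
    ['username' => "rob' --", 'age' => ['1'], 'email' => 'nope', 'admin' => '1'],
];
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (username TEXT, age INTEGER, email TEXT)');
$insert = $db->prepare('INSERT INTO users VALUES (:username, :age, :email)');
foreach ($samples as $post) {
    [$clean, $errors] = validate_post($post);
    if ($errors) { // rejected input never reaches the database
        echo 'rejected: ' . implode('; ', $errors) . PHP_EOL;
        continue;
    }
    $insert->execute($clean);
    echo "stored: {$clean['username']}" . PHP_EOL;
}
```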





