K. K. Mookhey, Nilesh Burghate
Detection of SQL Injection and Cross-site Scripting Attacks
2009-04-28
Ellery Leung
I do not quite understand why you simply use:
/[a-zA-Z0-9]{0,7}/ to filter against almost ALL SQL injection here. In this case usernames or passwords can only be all letters and figures, with no more than 7 characters.
No offence here, but I really want to know how a person can place a SQL he...
Detection of SQL Injection and Cross-site Scripting Attacks
2009-05-13
peter miller
Thanks a lot for this great explanation of preventing SQL and XSS through RegEx.
After reading your article I've been trying hard to find a tool (web or Mac) to convert ANY character to its hex representation.
I looked up the PHP documentation and googled for an hour but can't find anything t...

But I think section 3.3 is not as useful as I expected... it still suffers from false positives, while the article was based on avoiding false positives.
Thank you very much, guys.