What other functions should I be aware of? Right now, I sanitize my variables by sending them through the following homemade function:
Quote:
function make_safe($variable) {
    $variable = htmlspecialchars(trim(mysql_escape_string($variable)));
    return $variable;
}
And now I'm trying to use regex functions to die(); whatever is running if any unwanted characters show up. I'm also going to make different database users instead of using one super user.
That's about the extent of my PHP security knowledge. I know I'm not experienced in this area but am devoting a lot of time to learn more about it. I know not having a super secure site will cause much trouble down the road.
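
An added example, not part of the original post: the three jobs that make_safe() combines (rejecting unwanted characters, protecting the SQL query, protecting the HTML page) handled separately, each at the point where it applies. It swaps mysql_escape_string(), which was removed in PHP 7, for PDO prepared statements; the helper names, table, sample data and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: allowlist check that rejects bad input instead of rewriting it.
function validate_username(string $raw): string
{
    $value = trim($raw);
    if (preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $value) !== 1) {
        throw new InvalidArgumentException('username contains unwanted characters');
    }
    return $value;
}

// Hypothetical helper: HTML-escape only when writing into a page, never before storage.
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// In-memory SQLite stands in for the real database (assumes the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (author TEXT NOT NULL, body TEXT NOT NULL)');

// Constructed sample input: one acceptable author, one with unwanted characters.
$samples = [
    ['alice_01', "It's <b>fine</b> & works"],
    ['eve <admin>', 'hello'],
];

// Bound parameters travel separately from the SQL text, so the quote in "It's"
// needs no escaping and the stored value is exactly what the user typed.
$insert = $db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
foreach ($samples as [$author, $body]) {
    try {
        $insert->execute([':author' => validate_username($author), ':body' => $body]);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}

// Escaping happens here, at output, in the context (HTML) where it is needed.
foreach ($db->query('SELECT author, body FROM comments') as $row) {
    echo '<p>', html($row['author']), ': ', html($row['body']), "</p>\n";
}
```

Because the database keeps the raw text, the same row can later be written to JSON, e-mail or a CSV export with the escaping that format needs, instead of carrying HTML entities everywhere.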
