AskApache's Profile

About Me:

Last 10 Comments

1

Thanks for setting the record straight... I found your site through some security friends and heard about this article so I checked it out.

Smashing is actually a fantastic resource, they try awfully hard and usually have useful stuff.. but after reading that article I was pissed. As a beginner to php programming myself in many ways I only use php for WordPress Dev mostly, even I could recognize the lack of filtering they did by allowing that one in. Ughh.

So I read your rebuttal and was pleased to see a well-written explanation of what was wrong, what could be improved, and learned a few things too!
Posted in /blog/2009/mar/smashing-php.

Sun, 05 Apr 2009 at 06:12:22: Link

Stats

Member Since: 05 Apr 2009
Comments: 1

Web Site

askapache.myopenid.com

Blog Posts

Top 5 Blog Posts

Save the Internet with rev="canonical"

10 Apr 2009
65 Comments

My Amazon Anniversary

15 Mar 2007
41 Comments

Allowing HTML and Preventing XSS

14 Mar 2007
66 Comments

addslashes() Versus mysql_real_escape_string()

22 Jan 2006
70 Comments

Google XSS Example

21 Dec 2005
39 Comments

Top 5 Articles

Security Corner: Cross-Site Request Forgeries

13th December 2004
75 Comments

The Truth about Sessions

15th December 2003
79 Comments

Foiling Cross-Site Attacks

14th October 2003
69 Comments

Guru Speak: Storing Sessions in a Database

14th December 2004
62 Comments

Guru Speak: How to Avoid "Page Has Expired" Warnings

21st October 2004
48 Comments

Work and Books

Analog A web design and development co-operative
Essential PHP Security O'Reilly, 2005
HTTP Developer's Handbook Sams, 2003

Footer