From: "Richard Lynch" on 16 Jul 2010 11:42 Any Best Practice suggestions for potentially hostile user input being sent to ldap_search($ldap, "(username=$_POST[username])"); Something like an ldap_escape? Please cc me on replies. Thanks. -- Some people ask for gifts here. I just want you to buy an Indie CD for yourself: http://cdbaby.com/search/from/lynch
From: Andrew Ballard on 16 Jul 2010 12:02 On Fri, Jul 16, 2010 at 11:42 AM, Richard Lynch <ceo(a)l-i-e.com> wrote: > Any Best Practice suggestions for potentially hostile user input being > sent to ldap_search($ldap, "(username=$_POST[username])"); > > Something like an ldap_escape? > > Please cc me on replies. Thanks. > Long time no see, Richard. There are a couple ldap_escape() functions in the comments here. I don't know enough about ldap to know how robust they are. I have used one of them, but only on a few intranet sites where the probability of malicious activity is fairly low. http://www.php.net/manual/en/function.ldap-search.php Andrew
|
Pages: 1 Prev: PHP - MOODLE - WORK IN AUSTRALIA Next: Converting a javascript calculating page to a PHP one |