From: "Richard Lynch" on
Any Best Practice suggestions for potentially hostile user input being
sent to ldap_search($ldap, "(username=$_POST[username])");

Something like an ldap_escape?

Please cc me on replies. Thanks.

--
Some people ask for gifts here.
I just want you to buy an Indie CD for yourself:
http://cdbaby.com/search/from/lynch


From: Andrew Ballard on
On Fri, Jul 16, 2010 at 11:42 AM, Richard Lynch <ceo(a)l-i-e.com> wrote:
> Any Best Practice suggestions for potentially hostile user input being
> sent to ldap_search($ldap, "(username=$_POST[username])");
>
> Something like an ldap_escape?
>
> Please cc me on replies. Thanks.
>

Long time no see, Richard. There are a couple ldap_escape() functions
in the comments here. I don't know enough about ldap to know how
robust they are. I have used one of them, but only on a few intranet
sites where the probability of malicious activity is fairly low.

http://www.php.net/manual/en/function.ldap-search.php


Andrew
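
Added example, not part of either message above: escaping a value for the "(username=...)" filter from the question per RFC 4515, using PHP's built-in ldap_escape() (PHP 5.6 and later, ldap extension) when present and an equivalent strtr() fallback otherwise. The helper names escape_filter_value() and build_username_filter(), the 256-byte length cap and the sample inputs are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Escape a value for use inside an LDAP search filter (RFC 4515).
// escape_filter_value() is a hypothetical helper name for this example.
function escape_filter_value(string $value): string
{
    // Built-in since PHP 5.6 when the ldap extension is loaded.
    if (function_exists('ldap_escape')) {
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    // Fallback: strtr() with an array never rescans its own output,
    // so the backslashes it inserts are not escaped a second time.
    return strtr($value, [
        '\\' => '\\5c',
        '*'  => '\\2a',
        '('  => '\\28',
        ')'  => '\\29',
        "\0" => '\\00',
    ]);
}

// Build the "(username=...)" filter from the thread out of untrusted input.
// Returns null when the input should be rejected outright.
function build_username_filter($input): ?string
{
    // $_POST['username'] can arrive as an array (username[]=x), so check the type.
    if (!is_string($input) || $input === '' || strlen($input) > 256) { // cap is an assumption
        return null;
    }
    return '(username=' . escape_filter_value($input) . ')';
}

// Constructed sample inputs: a plain name, filter metacharacters, a non-string.
$samples = ['rlynch', '*', 'a)(b', 'back\\slash', ['array']];
foreach ($samples as $sample) {
    $filter = build_username_filter($sample);
    echo json_encode($sample), ' => ', $filter ?? 'rejected', PHP_EOL;
}
```

The returned string goes in the filter argument of ldap_search(). Values placed in a DN rather than a filter need the LDAP_ESCAPE_DN flag instead, since the two contexts have different metacharacters.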