Template:Application Security News


 * [|Beware custom escaping, use positive validation!] "applications using 'ad-hoc methods to "escape" strings going into the database, such as regexes, or PHP3's addslashes and magic_quotes' are particularly unsafe. 'Since these bypass database-specific code for safe handling of strings, many such applications will need to be re-written to become secure.'"
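As an added illustration of the two approaches contrasted in the item above (not code from the linked article or from this wiki), the snippet below puts an ad-hoc regex "escape" beside the hardened form: an allow-list check on the input followed by a driver-bound parameter. The table, rows and username policy are constructed for the example; sqlite3 stands in for whatever database the application uses.

```python
import re
import sqlite3

# Constructed sample data for the example; not from the original page.
SAMPLE_ROWS = [("alice", "alice@example.test"),
               ("bob", "bob@example.test")]

# Positive validation: the application's own policy for what a username
# may look like (assumed here: 1-32 letters, digits or underscore).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, email TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_ROWS)
    return con


def lookup_adhoc(con, username):
    # The pattern the news item warns about: the application "escapes" the
    # value itself with a regex and splices it into the SQL text. Whether
    # that is sufficient depends on the database's quoting rules and charset,
    # which this code bypasses rather than delegates to the driver.
    escaped = re.sub(r"'", "''", username)
    sql = f"SELECT email FROM users WHERE username = '{escaped}'"
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def validate_username(username):
    # Accept only values that match the allow-list; everything else is rejected.
    return bool(USERNAME_RE.match(username))


def lookup_bound(con, username):
    # Database-specific safe handling: the driver binds the value as data, so a
    # stray quote in the input simply fails to match any row instead of
    # changing the statement.
    row = con.execute("SELECT email FROM users WHERE username = ?",
                      (username,)).fetchone()
    return row[0] if row else None


def lookup_safe(con, username):
    # Hardened form: positive validation first, then a bound parameter.
    if not validate_username(username):
        raise ValueError("username rejected by positive validation")
    return lookup_bound(con, username)
```

The allow-list and the bound parameter are independent layers: the first keeps unexpected input out of the application entirely, the second ensures that whatever does reach the database is never parsed as SQL.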