Hi
I develop an open source CMS called phpope. As a base we need PEAR for database actions. Now, how big is the problem with injection of SQL code, and what can be a solution?
Does someone have experience in this part of security?
As long as you use add_slashes() on every field before putting it into a query you're pretty much safe.
Actually, that depends.
If magic_quotes_gpc is set to 1, then for GET, POST and cookie data, you should not use addslashes().
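
The double-escaping case raised in the last reply, as an added example that is not part of the thread. It assumes a flag that stands in for the magic_quotes_gpc setting, which no longer exists in current PHP; the helpers simulate_magic_quotes(), raw_value() and escape_once() are hypothetical names, and the input is constructed.

```php
<?php
// Added example. magic_quotes_gpc is simulated with a flag because the
// setting no longer exists in current PHP; all input values are constructed.

// What PHP did to GET/POST/COOKIE data when magic_quotes_gpc was 1.
function simulate_magic_quotes($value)
{
    return is_array($value)
        ? array_map('simulate_magic_quotes', $value)
        : addslashes($value);
}

// Undo magic quotes (if active) so the value is raw again. Hypothetical helper.
function raw_value($value, $magicQuotesOn)
{
    if (!$magicQuotesOn) {
        return $value;
    }
    return is_array($value)
        ? array_map(function ($v) { return raw_value($v, true); }, $value)
        : stripslashes($value);
}

// Escape exactly once, whatever the server setting is. Hypothetical helper.
function escape_once($value, $magicQuotesOn)
{
    return addslashes(raw_value($value, $magicQuotesOn));
}

$typed = "O'Reilly";                      // what the user typed (constructed)

foreach (array(false, true) as $magicQuotesOn) {
    // The value as the script would receive it under each setting.
    $received = $magicQuotesOn ? simulate_magic_quotes($typed) : $typed;

    $naive = addslashes($received);       // unconditional addslashes()
    $once  = escape_once($received, $magicQuotesOn);

    printf(
        "magic_quotes_gpc=%d received=%s naive=%s escape_once=%s\n",
        (int) $magicQuotesOn, $received, $naive, $once
    );
}
// With the flag on, the naive value is escaped twice, so the stored name
// would contain a literal backslash; escape_once() is the same in both runs.
```

PEAR DB's query() also accepts ? placeholders with an array of parameters, which leaves the quoting to the database layer instead of the calling code.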