I was just on packetstormsecurity.org and I noticed that almost ALL security issues in PHPNUKE are related to variables being passed into SQL queries directly without scanning for PHP code. What is the best way to make sure people cannot exploit like this when coding?
Thank you.
Well, if you include any pages, which I think phpnuke does, make sure that it cannot call other pages outside the site.
And for the text boxes, make sure that it only allows a-z and 0-9, to stop them from making a super user.
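
The two checks suggested in the reply above (restricting which pages can be included, and allowing only a-z and 0-9 in text input), written out as an added PHP example that is not part of the original thread. The bound query parameter in step 3 goes beyond what the reply describes; the table, page and function names are hypothetical, and PDO with an in-memory SQLite database is assumed so the script runs on its own.

```php
<?php
// Added example; table, page and function names are hypothetical.

// 1. Includes: map the request parameter onto a fixed list of local files,
//    so it can never name a remote URL or a path outside the site.
const PAGES = ['home' => 'pages/home.php', 'news' => 'pages/news.php'];

function resolve_page(string $requested): string
{
    // Unknown names fall back to a default instead of reaching include().
    return PAGES[$requested] ?? PAGES['home'];
}

// 2. Text boxes: accept only a-z and 0-9 (case-insensitive), bounded length.
function valid_username(string $s): bool
{
    return preg_match('/\A[a-z0-9]{1,32}\z/i', $s) === 1;
}

// 3. Query: the value is bound as a parameter, never concatenated into SQL.
function find_user(PDO $pdo, string $name): ?array
{
    if (!valid_username($name)) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT name, is_admin FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT PRIMARY KEY, is_admin INTEGER)');
$pdo->exec("INSERT INTO users VALUES ('alice', 0), ('root', 1)");

// Constructed inputs: one ordinary value, one containing SQL metacharacters.
foreach (['alice', "x' OR '1'='1"] as $input) {
    $row = find_user($pdo, $input);
    echo str_pad($input, 16), ' => ', $row ? json_encode($row) : 'rejected', "\n";
}
// Constructed page names: one known, one pointing outside the site.
foreach (['news', '../../etc/passwd'] as $page) {
    echo str_pad($page, 16), ' => ', resolve_page($page), "\n";
}
```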