Hi all and thanks to all the community for the great work done on Snitz Forum.
If the question has already been answered elsewhere in the forum just point me to it.
I have some little security concerns about SQL injection protection and more precisely about how it is done in Snitz.
I use Snitz Forums 2000 Version 3.4.03 (I don't think it's up to date yet) on a Win2k platform with MySQL.
I use a customised version of the registration form that registers my users both on my website and on the forum (all in one).
For my user data tables I check all of the fields against SQL injection before inserting the data in the DB. Moreover, for text area fields (like hobbies in the Snitz registration page) I convert every special character to a custom-made code so I am sure that I won't find any %, * or ' etc. But for the insertion in the forum_member table I wanted to know if there is a function used on the registration page to check for these special characters, since I can't really use mine (it wouldn't display correctly in the forum-specific pages). For now the fields I insert in the forum part of the DB at registration time aren't checked, and I don't want to open the web site until it is done.
Just explain to me briefly the mechanism used to insert ' characters and others like % etc. in the forum database text fields so I can do my validation in my registration form.