I'm having trouble sanitizing this code so that shell commands such as ; ls create an injection issue in a site I am working on.
<form action="process.php" method="post">
<select name="tool">
<option>SuperInSec</option>
<option>CrazilyInSec </option>
<option>TotalInSec</option>
<option> </option>
</select>
<input name="filename" type="text" />
<mysql_real_escape_string()>
<input type="submit" />
</form>
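One way to handle this form on the server, as an added example that is not part of the original post: `mysql_real_escape_string()` is a PHP function that escapes values for SQL string literals and does not neutralize shell metacharacters, so the handler below instead allowlists `tool`, restricts `filename` to a plain file name, and starts the program without a shell. The executable paths, the `build_command` helper, and the assumption that process.php runs the selected tool on the submitted file are hypothetical, since the post does not show process.php.

```php
<?php
// process.php: added example; the original post does not show this file.
// Assumption: the handler runs the selected tool on the submitted filename.

// Allowlist mapping form values to executables (paths are hypothetical placeholders).
const TOOLS = [
    'SuperInSec'   => '/opt/tools/superinsec',
    'CrazilyInSec' => '/opt/tools/crazilyinsec',
    'TotalInSec'   => '/opt/tools/totalinsec',
];

// Returns an argv array for a valid request, or null if either field is rejected.
function build_command(string $tool, string $filename): ?array
{
    $tool = trim($tool);
    if (!array_key_exists($tool, TOOLS)) {
        return null; // anything not in the <select> list is refused
    }
    // Plain file name only: no slashes, no spaces, no ';', '|', '&', '$', quotes,
    // and no leading '-' or '.' (blocks option injection and "..").
    if (!preg_match('/\A[A-Za-z0-9_][A-Za-z0-9._-]{0,127}\z/', $filename)) {
        return null;
    }
    // "--" ends option parsing (assumes the tool follows that convention).
    return [TOOLS[$tool], '--', $filename];
}

$tool = $_POST['tool'] ?? '';
$file = $_POST['filename'] ?? '';
// Reject array-valued fields such as filename[]=x before the typed call.
$cmd = (is_string($tool) && is_string($file)) ? build_command($tool, $file) : null;
if ($cmd === null) {
    http_response_code(400);
    exit('Invalid tool or filename');
}

// With an array command (PHP >= 7.4) proc_open executes the program directly,
// so no shell ever parses the arguments and "; ls" cannot start a second command.
$spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
$proc = proc_open($cmd, $spec, $pipes);
if (!is_resource($proc)) {
    http_response_code(500);
    exit('Could not start tool');
}
$output = stream_get_contents($pipes[1]);
fclose($pipes[1]);
proc_close($proc);
echo htmlspecialchars($output, ENT_QUOTES, 'UTF-8'); // encode tool output for HTML
```

If the command has to go through a shell string (for example with `shell_exec`), wrap each argument in `escapeshellarg()` and keep the allowlist and filename check in place.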