deadsilence
New Member
I'm passing PHPSESSID to a PHP page (via POST) and I was wondering what's the best way of sanitizing the input. Would \[code\]mysql_real_escape_string\[/code\] suffice? Is there anything special I should take into account when dealing with session IDs (I mean, they can only be letters and numbers right?)?EDIT:To clarify the question, what I really want to know is: if someone tampers with the POST data, can he send a malicious string as PHPSESSID that would do something nasty when I call \[code\]session_id($_GET['PHPSESSID'])\[/code\]?I personally cannot think of any, but better safe than sorry...Thanksnico