>>This is for SELECT statements. But I'm talking about INSERT/UPDATE. Nobody prevents you from typing
>>
>>
<script> malicios script </script>
in the fields.
>
>Just remove [>] and [<] from the typed string :o)
Easy to say than do :) Though you can just test each Request. I played with this suggestion already, but I noticed slowness and also couple of our pages started to re-direct, so I removed some strings from the tested input...
If it's not broken, fix it until it is.
My Blog