Home » Imported messages » comp.lang.php » BB type posting - is this secure?
Re: BB type posting - is this secure? [message #176402 is a reply to message #176398] Fri, 30 December 2011 18:14
Michael Fesser
.oO(Michael Joel)

> Sorry I did not make it clear.
>
> stripslashes is used as it comes out of the db

This will corrupt your data!

Think of adding slashes just as a way to "mark" some chars, so that the
DB doesn't interpret them. It's not about adding literal slashes to your
strings, so you don't have to remove anything after retrieving the data
from the DB.

In other words: Adding slashes doesn't change your string data, it just
ensures that all chars, even the special ones, make it into the DB as
they are.

> , addslashes are used as
> it goes in (but as mentioned mysql_real_escape_string is to be used).

Good. You could also have a look at prepared statements.

Micha

--
http://mfesser.de/blickwinkel
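
The round trip discussed in this message, as an added example that is not part of the original post: a value escaped on the way in, or bound through a prepared statement, is stored unchanged, and calling stripslashes on the way out damages it. It assumes PHP with the pdo_sqlite extension (an in-memory SQLite database stands in for MySQL so the script runs offline); the `posts` table, its columns and the sample text are made up for illustration.

```php
<?php
// Added example, not code from the thread. Uses an in-memory SQLite database
// through PDO so it runs offline; the table and column names are hypothetical.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, how TEXT, body TEXT)');

// Constructed sample post: a single quote, a Windows path and a literal "\n".
$body = "It's in C:\\temp\\new, and \\n means newline";

// 1) Escape for a string literal with the driver's own quoting function.
//    The escape marks exist only in the SQL text, not in the stored value.
$pdo->exec(
    "INSERT INTO posts (how, body) VALUES ('quoted', " . $pdo->quote($body) . ")"
);

// 2) Prepared statement: the value never becomes part of the SQL text.
$stmt = $pdo->prepare('INSERT INTO posts (how, body) VALUES (?, ?)');
$stmt->execute(['prepared', $body]);

foreach ($pdo->query('SELECT how, body FROM posts ORDER BY id') as $row) {
    $stored = $row['body'];

    // Both insert paths give back exactly what was submitted.
    printf("%-9s stored unchanged:   %s\n",
        $row['how'], var_export($stored === $body, true));

    // stripslashes() on the way out removes backslashes that belong to the data.
    printf("%-9s after stripslashes: %s\n", $row['how'], stripslashes($stored));
}
```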