 |
 |
 |
 |
|
|
Date: 09/28/00
- Next message: Jeff Demel: "[PHP] Email Gobbeldy-Gook"
- Previous message: Rasmus Lerdorf: "Re: [PHP] Sudden variable problems"
- Next in thread: Michael Hall: "Re: [PHP] Addslashes?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
When I mean security, I mean stopping users from being able to enter data
into forms that may override your sql. Kind of like buffer overrun attacks.
Kind of like inserting a pipe command that would send them your passwd
file(like some bad Perl scripts could).
> The main purpose of AddSlashes() is so your script does not mess up SQL
> queries etc... About security, I do not understand what you mean, maybe
> someone else will, sorry.
>
> Jay
>
> ----- Original Message -----
> From: "Chris" <php_list <email protected>>
> To: "php" <php-general <email protected>>
> Sent: Thursday, September 28, 2000 12:10 PM
> Subject: [PHP] Addslashes?
>
>
> Hi,
> I have a question about security.
> Say I have a form that takes a users input, then I use that to select or
> insert data into a mysql table.
> What all should be done to that inputed value before acually using it?
> Is addslashes() good enough? Are there some special characters that should
> never be allowed to stay in the variable?
>
> Help please,
> Thanks
> Chris
>
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: php-general-unsubscribe <email protected> For additional commands, e-mail: php-general-help <email protected> To contact the list administrators, e-mail: php-list-admin <email protected>
- Next message: Jeff Demel: "[PHP] Email Gobbeldy-Gook"
- Previous message: Rasmus Lerdorf: "Re: [PHP] Sudden variable problems"
- Next in thread: Michael Hall: "Re: [PHP] Addslashes?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]