Date: 09/29/00
- Next message: Abe Asghar: "[PHP] B2B Site"
- Previous message: Teodor Cimpoesu: "Re: [PHP] stdin streams"
- In reply to: Chris: "[PHP] Addslashes?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
As I understand it, addslashes() is not really about security, it is about
preventing quotes in input from stuffing up MySQL, which doesn't like them
(or rather, interprets them as something else).
To find and remove special characters in variables that could be used for
nefarious purposes, use ereg() and/or ereg_replace().
Another useful function is quotemeta().
All this stuff is in the manual.
Michael Hall
----- Original Message -----
From: Chris <php_list <email protected>>
To: php <php-general <email protected>>
Sent: Friday, September 29, 2000 1:40 AM
Subject: [PHP] Addslashes?
Hi,
I have a question about security.
Say I have a form that takes a user's input, then I use that to select or
insert data into a MySQL table.
What all should be done to that inputted value before actually using it?
Is addslashes() good enough? Are there some special characters that should
never be allowed to stay in the variable?
Help please,
Thanks
Chris
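
The question in this thread, worked through as an added example that is not part of either message: it checks form input against an allowlist pattern and passes the value to the database as a bound parameter, so a quote in the input is stored and compared as data. Assumptions: preg_match() stands in for ereg(), which was removed in PHP 7; PDO with an in-memory SQLite database stands in for MySQL so the script runs offline; the table, column and function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Allowlist check: 3-20 letters, digits or underscores.
// \A and \z anchor the whole string, so a trailing newline is rejected too.
function validUsername(string $raw): ?string
{
    return preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $raw) === 1 ? $raw : null;
}

// The value travels as a bound parameter and is never concatenated
// into the SQL text, so quotes in it cannot change the statement.
function findUser(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// In-memory SQLite database (assumption: stand-in for the MySQL table).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (name) VALUES (:name)');
foreach (['chris', "O'Brien"] as $n) {
    $ins->execute([':name' => $n]);   // the quote in O'Brien needs no escaping
}

// Constructed sample inputs, as they might arrive from a form field.
$inputs = ['chris', "O'Brien", "x' OR '1'='1", "chris\n"];
foreach ($inputs as $raw) {
    $verdict = validUsername($raw) === null ? 'reject' : 'accept';
    $rows = findUser($db, $raw);      // looked up unvalidated on purpose
    printf("%-18s allowlist=%-6s rows=%d\n", json_encode($raw), $verdict, count($rows));
}
```

The lookup runs on every input, validated or not, to show that the bound parameter alone keeps the quote-bearing values from altering the query; the allowlist is a separate decision about which values the application accepts.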

