 |
 |
Find a programming school near you
php-general | 2001122
Date: 12/18/01
- Next message: TD - Sales International Holland B.V.: "Fwd: Re: [PHP] Passing through Array's to another script"
- Previous message: gkin: "[PHP] Passing through Array's to another script"
- Next in thread: Don Read: "RE: [PHP] addslash/stripslashes"
- Reply: Don Read: "RE: [PHP] addslash/stripslashes"
- Reply: Michael Sims: "Re: [PHP] addslash/stripslashes"
- Maybe reply: TD - Sales International Holland B.V.: "Re: [PHP] addslash/stripslashes"
- Maybe reply: Martin Towell: "RE: [PHP] addslash/stripslashes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hey there,
I was once told I need to use addslashes and stripslashes on data I get from
the web and insert into the database. I'd like to know why?!?! See I know
that with other languages you could use special chars to hack/crack the
database, but even without add/strip slashes I can't seem to manage.... I
have a text field I inserted into the database and I entered stuff like this:
~!@#$%^&*()_+~!@#$%^&*()_+|\\||\[]{};:'".>,</?
since quotes n stuff aren't nicely closed now I'd expect an error if this was
crack/hackable however it just inserts fine without any problems whatsoever.
I'm using PHP 4.0.6 and MySQL 4.23.43 (I think haven't checked...) Also when
I go to the page where the data is retrieved from the database and put in
HTML I see EXACTLY what I entered. So it doesn't appear to me I'd need these
add/strip slashes functions. Any comments would be greatly appreciated.
Also I'm looking for a small feature of HTML. I know this isn't the right
list so if you guys don't reply no hard feelings. At this moment I use meta
to refresh (go back to the form) after entering the data, you'll see a page
that it's succeeded (or failed for that matter) and than after 3 secs you'll
go back to the main empty form. However, I'd like to know a way other than
meta, since when an error occurs it can happen the HTML header is already
printed out and thus I can't use the meta tag anymore. I was thinking about
javascript or something but other ways are welcome since javascript can be
disabled in the browser.
Please bear with me, this is the first thing I actually write. I only wrote
some small things for playing a little, nothing serious and this script will
be in a commercial environment with database access n stuff. Pretty kewl but
it has to be as secure and smooth as I can get it :-)
Kind regards,
Ferry van Steen
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: php-general-unsubscribe <email protected> For additional commands, e-mail: php-general-help <email protected> To contact the list administrators, e-mail: php-list-admin <email protected>
- Next message: TD - Sales International Holland B.V.: "Fwd: Re: [PHP] Passing through Array's to another script"
- Previous message: gkin: "[PHP] Passing through Array's to another script"
- Next in thread: Don Read: "RE: [PHP] addslash/stripslashes"
- Reply: Don Read: "RE: [PHP] addslash/stripslashes"
- Reply: Michael Sims: "Re: [PHP] addslash/stripslashes"
- Maybe reply: TD - Sales International Holland B.V.: "Re: [PHP] addslash/stripslashes"
- Maybe reply: Martin Towell: "RE: [PHP] addslash/stripslashes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
