Join Up! 104887 members and counting!

Login To PHPBuilder User Name: Password: Register A New Site Account * NOTE: This is for logging into the main site only! To login to the forums, click here

Linux Today Enterprise Linux Today Apache Today JustLinux.com Linux Planet PHPBuilder All Linux Devices Hiermenus DatabaseJournal Technology Jobs Covalent Extends Apache 2.0 to Microsoft ASP.NET ShopWorX - Support for Windows PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 Network Risk Assessment Full-Featured, Java-Based Apache GUI In Case You Missed It...The Week of March 12, 2006 PHP Filters: An Important Security Feature Top 10 phpmyadmin Tips and Tricks You May Not Know Table types in MySQL: Part 2 - InnoDB Tables Building Next/Prev Buttons for Query Results

php-general | 2001122

From: Don Read (dread <email protected>)
Date: 12/18/01

• Next message: Scott Fletcher: "[PHP] PHP module for modem???"
• Previous message: Gerard Onorato: "Re: [PHP] HTML Email"
• In reply to: TD - Sales International Holland B.V.: "[PHP] addslash/stripslashes"
• Next in thread: Michael Sims: "Re: [PHP] addslash/stripslashes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 18-Dec-2001 TD - Sales International Holland B.V. wrote:
> Hey there,
>
> I was once told I need to use addslashes and stripslashes on data I get from
> the web and insert into the database. I'd like to know why?!?! See I know
> that with other languages you could use special chars to hack/crack the
> database, but even without add/strip slashes I can't seem to manage.... I
> have a text field I inserted into the database and I entered stuff like
> this:
> ~!@#$%^&*()_+~!@#$%^&*()_+|\\||\[]{};:'".>,</?
> since quotes n stuff aren't nicely closed now I'd expect an error if this
> was
> crack/hackable however it just inserts fine without any problems whatsoever.
> I'm using PHP 4.0.6 and MySQL 4.23.43 (I think haven't checked...) Also when
> I go to the page where the data is retrieved from the database and put in
> HTML I see EXACTLY what I entered. So it doesn't appear to me I'd need these
> add/strip slashes functions. Any comments would be greatly appreciated.
>

Check your 'magic_quotes_gpc', it might explain it.

Regards,

-- 
Don Read                                       dread <email protected>
-- It is necessary for me to learn from others' mistakes. I 
   will not live long enough to make them all by myself.
-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: php-general-unsubscribe <email protected>
For additional commands, e-mail: php-general-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>

• Next message: Scott Fletcher: "[PHP] PHP module for modem???"
• Previous message: Gerard Onorato: "Re: [PHP] HTML Email"
• In reply to: TD - Sales International Holland B.V.: "[PHP] addslash/stripslashes"
• Next in thread: Michael Sims: "Re: [PHP] addslash/stripslashes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Columns / Articles | Tips / Quickies | News | News Linking and RSS Feeds | Shared Code Library Mail Archives | Support / Discussion Forums | Get Started! Links | Contribute! | Docs