Re: BB type posting - is this secure? [message #176402 is a reply to message #176398]
Fri, 30 December 2011 18:14
Michael Fesser
.oO(Michael Joel)

> Sorry I did not make it clear.
>
> stripslashes is used as it comes out of the db

This will corrupt your data!

Think of adding slashes just as a way to "mark" some chars, so that the
DB doesn't interpret them. It's not about adding literal slashes to your
strings, so you don't have to remove anything after retrieving the data
from the DB.

In other words: Adding slashes doesn't change your string data, it just
ensures that all chars, even the special ones, make it into the DB as
they are.

> , addslashes are used as
> it goes in (but as mentioned mysql_real_escape_string is to be used).

Good. You could also have a look at prepared statements.

Micha
--
http://mfesser.de/blickwinkel
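
The round trip described in the reply above, as an added example that is not part of the original post: each constructed sample string is stored once through an escaped SQL literal and once through a prepared statement, read back, and compared with the original before and after `stripslashes`. Assumptions: PHP 7 or later with the `pdo_sqlite` extension, an in-memory SQLite database standing in for MySQL so the script runs offline, `PDO::quote()` standing in for `mysql_real_escape_string`, and a hypothetical `posts` table.

```php
<?php
// Added example, not code from the thread. SQLite in memory replaces MySQL here.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, via TEXT, body TEXT)');

// Constructed sample inputs: quotes and literal backslashes a BB post may contain.
$samples = [
    "It's a \"quoted\" word",
    'C:\\temp\\new file.txt',
    'regex: \\d+\\.\\d+',
];

$prepared = $pdo->prepare('INSERT INTO posts (via, body) VALUES (?, ?)');
foreach ($samples as $s) {
    // Escaping only marks special characters inside the SQL text;
    // the database stores the unescaped value.
    $pdo->exec("INSERT INTO posts (via, body) VALUES ('escaped', " . $pdo->quote($s) . ")");
    // A prepared statement sends the value separately from the SQL text.
    $prepared->execute(['prepared', $s]);
}

$rows = $pdo->query('SELECT via, body FROM posts ORDER BY id')->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $i => $row) {
    $original = $samples[intdiv($i, 2)]; // two rows were inserted per sample
    printf(
        "%-8s stored_intact=%s intact_after_stripslashes=%s  %s\n",
        $row['via'],
        var_export($row['body'] === $original, true),
        var_export(stripslashes($row['body']) === $original, true),
        $row['body']
    );
}
```

Rows whose text contains a backslash compare equal to the original as stored and differ once `stripslashes` has been applied, for both insert paths.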