Hey there,
I was once told I need to use addslashes and stripslashes on data I get from
the web and insert into the database. I'd like to know why?!?! See I know
that with other languages you could use special chars to hack/crack the
database, but even without add/strip slashes I can't seem to manage.... I
have a text field I inserted into the database and I entered stuff like this:
~!@#$%^&*()_+~!@#$%^&*()_+|\\||\[]{};:'".>,</?
since quotes n stuff aren't nicely closed now I'd expect an error if this was
crack/hackable however it just inserts fine without any problems whatsoever.
I'm using PHP 4.0.6 and MySQL 4.23.43 (I think haven't checked...) Also when
I go to the page where the data is retrieved from the database and put in
HTML I see EXACTLY what I entered. So it doesn't appear to me I'd need these
add/strip slashes functions. Any comments would be greatly appreciated.
Also I'm looking for a small feature of HTML. I know this isn't the right
list so if you guys don't reply no hard feelings. At this moment I use meta
to refresh (go back to the form) after entering the data, you'll see a page
that it's succeeded (or failed for that matter) and than after 3 secs you'll
go back to the main empty form. However, I'd like to know a way other than
meta, since when an error occurs it can happen the HTML header is already
printed out and thus I can't use the meta tag anymore. I was thinking about
javascript or something but other ways are welcome since javascript can be
disabled in the browser.
Please bear with me, this is the first thing I actually write. I only wrote
some small things for playing a little, nothing serious and this script will
be in a commercial environment with database access n stuff. Pretty kewl but
it has to be as secure and smooth as I can get it :-)
Kind regards,
Ferry van Steen
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
