On Tue, 21 Dec 2010 10:32:21 -0500
Adam Richardson wrote:
> 1. Turn off magic_quotes_gpc if on, as its use has been deprecated.
> 2. Use prepared statements.
> 3. Don't worry about stripping slashes ever again :)
Thank you for a very enlightening answer. I guess I misunderstood
the "PDO automati
On Mon, Dec 20, 2010 at 11:31 PM, Rico Secada wrote:
> Hi.
>
> In an article about SQL Injection by Chris Shiflett he mentions the
> following in a comment: "The process of escaping should preserve data,
> so it should never be necessary to reverse it. When I'm auditing an
> application, things l
Hello,
The plug-in PDO has nothing to do with the backslashes being inserted into
the database. The backslashes are used to escape characters like in D's...it
would show D's. That's the safe behavior of it. You can change
your programming code to fix that.
Ravi.
On Tue, Dec 21, 2010
On Tue, 21 Dec 2010 00:32:19 -0500
Paul M Foster wrote:
> On Tue, Dec 21, 2010 at 05:31:15AM +0100, Rico Secada wrote:
>
> > Hi.
> >
> > In an article about SQL Injection by Chris Shiflett he mentions the
> > following in a comment: "The process of escaping should preserve
> > data, so it shoul
On Tue, Dec 21, 2010 at 05:31:15AM +0100, Rico Secada wrote:
> Hi.
>
> In an article about SQL Injection by Chris Shiflett he mentions the
> following in a comment: "The process of escaping should preserve data,
> so it should never be necessary to reverse it. When I'm auditing an
> application,
Hi.
In an article about SQL Injection by Chris Shiflett he mentions the
following in a comment: "The process of escaping should preserve data,
so it should never be necessary to reverse it. When I'm auditing an
application, things like stripslashes() alert me to design problems."
Now, I'm always
6 matches