Re: [PHP] Serialised Data & DBs

2002-07-30 Thread Danny Shepherd
- Original Message -
From: "1LT John W. Holmes" <[EMAIL PROTECTED]>
To: "Danny Shepherd" <[EMAIL PROTECTED]>; "PHP-General" <[EMAIL PROTECTED]>
Sent: Tuesday, July 30, 2002 8:18 PM
Subject: Re: [PHP] Serialised Data & DBs
>

Re: [PHP] Serialised Data & DBs

2002-07-30 Thread 1LT John W. Holmes
Yes, it'd be really smart to. If any of the data in the serialized string has a ' or " in it, it could break your query. Or the user being able to enter a ' or " into the data could open you to SQL attacks. You want to do addslashes() on the result of serialize(), not the content going into it, t

Re: [PHP] Serialised Data & DBs

2002-07-30 Thread Rasmus Lerdorf
Yes, you would need to. serialize() does not encode any of the variable data.

-Rasmus

On Tue, 30 Jul 2002, Danny Shepherd wrote:

> Hi,
>
> Is it necessary to perform addslashes() on serialised data before inserting
> it into a database?
>
> Thanks,
>
> Danny.
>
>
> --
> PHP General Mailing Lis
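The point both John and Rasmus make above (serialize() escapes nothing, and any escaping has to be applied to the serialized string rather than to the values going into it) is easiest to see by running the round trip. The following is an added example, not code from any poster in the thread. It uses a constructed sample array, models a backslash-escaping SQL parser (MySQL's default mode, the target of addslashes()) with stripslashes(), and then shows the approach that makes the escaping question disappear: binding the serialized string as a query parameter through PDO. The table name `sessions` and the in-memory SQLite database are assumptions for the demo.

```php
<?php
// Added example for the thread above; not code from any of the posters.
// Models "PHP value -> serialize() -> SQL literal -> stored bytes -> unserialize()"
// and shows why addslashes() belongs on the serialized string, not on the values.
declare(strict_types=1);

// Constructed sample input containing both quote characters and a backslash.
$profile = ['name' => "O'Brien", 'note' => 'said "hi"', 'path' => 'C:\\tmp'];

/**
 * Model of what a backslash-escaping SQL parser (MySQL's default mode) stores
 * when it reads a single-quoted literal built from $escaped: the backslashes
 * inserted by addslashes() are consumed and the original bytes are stored.
 */
function storedByBackslashEscapingDb(string $escaped): string
{
    return stripslashes($escaped);
}

/** Wrong order: escape the values, then serialize. */
function wrongOrder(array $data): string
{
    $escapedValues = array_map('addslashes', $data);
    return serialize($escapedValues);
}

/** Right order (the thread's advice): serialize, then escape the result. */
function rightOrder(array $data): string
{
    return addslashes(serialize($data));
}

foreach (['wrong' => wrongOrder($profile), 'right' => rightOrder($profile)] as $label => $literal) {
    $stored = storedByBackslashEscapingDb($literal);
    // Suppress the E_NOTICE unserialize() emits on malformed input; the return value is checked instead.
    $restored = @unserialize($stored, ['allowed_classes' => false]);
    printf("%-5s literal : %s\n", $label, $literal);
    printf("%-5s stored  : %s\n", $label, $stored);
    printf("%-5s result  : %s\n\n", $label,
        $restored === $profile ? 'round-trips' : 'CORRUPT (unserialize failed)');
}
// "wrong" fails: the DB strips the backslash from O\'Brien, so the stored string
// is one byte shorter than the s:8: length prefix serialize() wrote for it.
// "right" round-trips: every byte addslashes() added is removed again by the parser.

// Today the escaping step goes away entirely: bind the serialized string as a parameter.
// Assumption: the pdo_sqlite extension is available; the table name is made up for the demo.
if (extension_loaded('pdo_sqlite')) {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE sessions (id INTEGER PRIMARY KEY, data TEXT NOT NULL)');

    $stmt = $pdo->prepare('INSERT INTO sessions (data) VALUES (:data)');
    $stmt->execute([':data' => serialize($profile)]);

    $row = $pdo->query('SELECT data FROM sessions')->fetch(PDO::FETCH_ASSOC);
    $restored = unserialize($row['data'], ['allowed_classes' => false]);
    printf("bound parameter: %s\n", $restored === $profile ? 'round-trips' : 'CORRUPT');
}
```

Two caveats worth keeping in mind when reading the output. addslashes() only matches the backslash-escaping convention of MySQL's default SQL mode; other databases (SQLite and PostgreSQL among them) escape a single quote by doubling it, so the driver's own quoting function or, better, a bound parameter is the portable choice. And when the serialized string comes back out of the database, pass `['allowed_classes' => false]` to unserialize() as above unless you genuinely need objects, since the stored bytes are only as trustworthy as whoever could write that column.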