Re: Change value in result — PHP Programming Language

You are here: Re: Change value in result « PHP Programming Language « IT news, forums, messages

Posted by Oli Filth on 09/27/98 11:37

ByteCoder said the following on 16/01/2006 12:11:
> Oli Filth <catch@olifilth.co.uk> wrote in
> news:%BLyf.35809$W4.22578@newsfe4-gui.ntli.net:
>
>> Incidentally, why are you storing stuff in your databases in a way
>> that requires stripslashes() to be called? Just store the raw text,
>> don't apply addslashes() or whatever to it.
>>
>>
>
> Thanks for the awnser. I do the addslashes and stripslashes because I
> want to prevent SQL injection attacks. (When inserting a value in a DB
> that was entered by a visitor).

addslashes() is not a fail-safe method for putting data into a MySQL
database. Use mysql_real_escape_string(), which is designed for this
purpose.

--
Oli

Navigation:

Next in forum: Re: Change value in result
Prev in forum: Re: Change value in result
Thread view: Re: Change value in result

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация