Re: [PHP] MySql injections (related question) — PHP

You are here: Re: [PHP] MySql injections (related question) « PHP « IT news, forums, messages

Posted by Richard Lynch on 05/13/05 01:52

On Thu, May 12, 2005 12:39 pm, James Williams said:
> I'm pretty sure that, in order to use mysql_real_escape_string() you
> must have magic quotes off or use stripslashes first... the same as
> addslashes, so it should work if you just search and replace. Don't
> quote me on that though

Well, yes, but you see it's no longer as simple as a global search and
replace, since there is no addslashes all over the place.

I have to hand-examine every file in, what, almost a decade's worth of
code spread over several dozen websites?

What is the CURRENT security advantage, if any, to
mysql_real_escape_string versus Magic Quotes?

--
Like Music?
http://l-i-e.com/artists.htm

Navigation:

Next in forum: Re: [PHP] Form handling
Prev in forum: Re: [PHP] auto_prepend_file in Apache Directory container
Thread view: Re: [PHP] MySql injections (related question)

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация