Reply to Re: [PHP] basic user/input form questions... more validation!

Your name:

Reply:


Posted by Chris Shiflett on 10/21/13 11:27

bruce wrote:
> not sure i agree with this one.. if i put "foo \' cat" in a db tbl...
> i expect that i'll get the same out... which is what some of the
> articles i've seen have stated.. are you telling me, and are you sure,
> that i'd get "foo ' cat" out instead!!????
>
> the articles i've seen imply that if you addslashes, you also need to
> stripslashes on the backend...

You're reading the wrong articles. :-)

Escaping is something you do to preserve data, period. If you have data
that is going to enter a context where it can be considered anything
other than data, it needs to be escaped. I often simplify this by
suggesting that you always escape output.

I did a podcast about this topic a few weeks ago:

http://pro-php.com/index.php?post_id=10

I also wrote a small followup blog entry:

http://shiflett.org/archive/133

Hope that helps.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация