If you strip slashes, it will make a security hole.
For example,
SELECT * FROM tablename WHERE name = '$name';
what if $name is
\'garbage\';DROP TABLE tablename;SELECT \'something
After stripslashes($name)
SELECT * FROM table WHERE name = 'garbage';DROP TABLE tablename;SELECT
'something';
Regards,
--
Yasuo Ohgaki
""Noah Spitzer-Williams"" <[EMAIL PROTECTED]> wrote in message
9bf7ec$m1m$[EMAIL PROTECTED]">news:9bf7ec$m1m$[EMAIL PROTECTED]...
> would there be any problems caused if i used the stripslashes() function on
> all posted variables from a form to eliminate sql query errors?
>
> - Noah
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
- [PHP] is it safe to stripslashes() on all form varia... Noah Spitzer-Williams
- Re: [PHP] is it safe to stripslashes() on all f... Plutarck
- Re: [PHP] is it safe to stripslashes() on all f... Yasuo Ohgaki
- Re: [PHP] is it safe to stripslashes() on a... Noah Spitzer-Williams
- Re: [PHP] is it safe to stripslashes() on all f... Alexander Skwar
- Re: [PHP] is it safe to stripslashes() on all f... Yasuo Ohgaki
- Re: [PHP] is it safe to stripslashes() on a... Yasuo Ohgaki
- RE: [PHP] is it safe to stripslashes() on all f... Jason Murray
