Yasuo,

I didn't quite follow this. What are those special characters below in your $name example?

TIA
Kirk

> -----Original Message-----
> If you strip slashes, it will make a security hole.
>
> For example,
>
> SELECT * FROM tablename WHERE name = '$name';
> what if $name is
> \'garbage\';DROP TABLE tablename;SELECT \'something
>
> After stripslashes($name)
> SELECT * FROM table WHERE name = 'garbage';DROP TABLE tablename;SELECT 'something';
>
> Regards,
> --
> Yasuo Ohgaki

--
PHP General Mailing List (http://www.php.net/)

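The effect described in the quoted message, as an added example that is not part of the original thread: the backslashes are quote escapes, and removing them lets the quotes end the string literal so the rest is parsed as SQL. The input value is constructed, count_statements() is a hypothetical helper written for this illustration, and the bound-parameter part assumes the pdo_sqlite extension is available.

```php
<?php
// Added example. Input value is constructed; assumes pdo_sqlite for the last part.

// Count statements in a query string, treating \' inside a literal as an
// escaped quote (the backslash-escaping convention the thread relies on).
function count_statements(string $sql): int {
    $inString = false;
    $count = 0;
    $pending = false; // true once the current statement has any content
    for ($i = 0, $n = strlen($sql); $i < $n; $i++) {
        $c = $sql[$i];
        if ($inString && $c === '\\') { $i++; continue; } // skip escaped char
        if ($c === "'") { $inString = !$inString; }
        if ($c === ';' && !$inString) {
            if ($pending) { $count++; }
            $pending = false;
            continue;
        }
        if (!ctype_space($c)) { $pending = true; }
    }
    return $count + ($pending ? 1 : 0);
}

// Escaped form of the input: each quote is preceded by a backslash.
$name = "garbage\\';DROP TABLE tablename;SELECT \\'something";
$template = "SELECT * FROM tablename WHERE name = '%s';";

$escaped  = sprintf($template, $name);               // escapes left in place
$stripped = sprintf($template, stripslashes($name)); // escapes removed

echo count_statements($escaped), " statement(s): $escaped\n";
echo count_statements($stripped), " statement(s): $stripped\n";

// Bound parameter: the value is sent as data and never becomes SQL text,
// so it does not matter whether it was escaped or stripped.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE tablename (name TEXT)");
$pdo->exec("INSERT INTO tablename (name) VALUES ('kirk')");

$stmt = $pdo->prepare("SELECT * FROM tablename WHERE name = ?");
$stmt->execute([stripslashes($name)]);
echo count($stmt->fetchAll()), " row(s) matched\n";
echo $pdo->query("SELECT COUNT(*) FROM tablename")->fetchColumn(),
     " row(s) still in tablename\n";
```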