Jesus, that's pretty scary! So how should I go about doing this?


"Yasuo Ohgaki" <[EMAIL PROTECTED]> wrote in message
news:9bflce$9p5$[EMAIL PROTECTED]...
> If you strip slashes, it will make a security hole.
>
> For example,
>
> SELECT * FROM tablename WHERE name = '$name';
> what if $name is
> \'garbage\';DROP TABLE tablename;SELECT \'something
>
> After stripslashes($name)
> SELECT * FROM tablename WHERE name = 'garbage';DROP TABLE tablename;SELECT 'something';
>
> Regards,
> --
> Yasuo Ohgaki
>
>
> "Noah Spitzer-Williams" <[EMAIL PROTECTED]> wrote in message
> news:9bf7ec$m1m$[EMAIL PROTECTED]...
> > Would there be any problems caused if I used the stripslashes() function on
> > all posted variables from a form to eliminate SQL query errors?
> >
> >  - Noah
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >
>



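One way to handle the case discussed in this thread, as an added example that is not part of the original messages: keep the submitted value out of the SQL text and pass it as a bound parameter. It assumes PHP with PDO and the pdo_sqlite driver; the in-memory database, the rows and the findByName() helper are constructed for illustration.

```php
<?php
// Added example: constructed in-memory SQLite database, nothing here is from the thread
// except the table name and the submitted value quoted in it.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tablename (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO tablename (name) VALUES ('garbage'), ('O''Reilly')");

// The value from the quoted message, as a form would deliver it with
// slashes already added (assumption: automatic escaping is switched on).
$posted = "\\'garbage\\';DROP TABLE tablename;SELECT \\'something";

// Pattern the thread warns about: strip the slashes, then paste the value
// into the SQL text. Built and printed only, never executed.
$unsafeSql = "SELECT * FROM tablename WHERE name = '" . stripslashes($posted) . "'";
echo "SQL text after stripslashes(): $unsafeSql\n";

// Hypothetical helper: the value travels as a bound parameter, so quotes
// and semicolons in it are data and cannot end the string or the statement.
function findByName(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM tablename WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// stripslashes() is harmless here: it only recovers what the user typed,
// and the driver handles the value from that point on.
$hostile = findByName($pdo, stripslashes($posted));
echo 'Rows matching the hostile value: ' . count($hostile) . "\n";

// A legitimate name containing a quote needs no manual escaping either.
$legit = findByName($pdo, "O'Reilly");
echo 'Rows matching O\'Reilly: ' . count($legit) . "\n";

// The table is still present and still holds both constructed rows.
$total = (int) $pdo->query('SELECT COUNT(*) FROM tablename')->fetchColumn();
echo "Rows left in tablename: $total\n";
```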