In an article about SQL Injection by Chris Shiflett he mentions the
following in a comment: "The process of escaping should preserve data,
so it should never be necessary to reverse it. When I'm auditing an
application, things like stripslashes() alert me to design problems."

Now, I'm always using PHP PDO with prepared statements and as such data
with quotes gets slashed automatically by PDO when inserted into the

When I need to pull out the data something might be slashed and I need
to use stripslashes() or some str_replace() to make sure that the
slashes are removed.

So what's the mistake here and what's the correct way to do it?

Kind regards


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to