Hey there,

once again... sorry but I'm not on the list so please CC me :-)

I was in the assumption that you needed to use addslashes on a var you 
retrieve from a form to properly insert it into the database. Well I'm not 
using it and I can put ",\n,\t etc in my webform but SQL won't evaluate them 
although!! I use double quotes ("var") to insert them. Can anyone explain? 
Cuz I'm sortta trying to crack my own database by making malicious statements 
like entering into the form
", "next data value", "next data value"); Hack_sql_statement; error on the 
rest of the values that sql is trying to parse.
but i'm not succeeding. Which I find totally cool but I don't understand 
it.... I truely am/was under the assumption that I needed to prevent such 
things by using addslashes() but I guess I'm wrong.

Just curious :-)

Have a nice weekend fellow scripters


PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to