Hey there,

I was once told I need to use addslashes and stripslashes on data I get from 
the web and insert into the database. I'd like to know why?!?! See I know 
that with other languages you could use special chars to hack/crack the 
database, but even without add/strip slashes I can't seem to manage.... I 
have a text field I inserted into the database and I entered stuff like this:
since quotes n stuff aren't nicely closed now I'd expect an error if this was 
crack/hackable however it just inserts fine without any problems whatsoever. 
I'm using PHP 4.0.6 and MySQL 4.23.43 (I think haven't checked...) Also when 
I go to the page where the data is retrieved from the database and put in 
HTML I see EXACTLY what I entered. So it doesn't appear to me I'd need these 
add/strip slashes functions. Any comments would be greatly appreciated.

Also I'm looking for a small feature of HTML. I know this isn't the right 
list so if you guys don't reply no hard feelings. At this moment I use meta 
to refresh (go back to the form) after entering the data, you'll see a page 
that it's succeeded (or failed for that matter) and than after 3 secs you'll 
go back to the main empty form. However, I'd like to know a way other than 
meta, since when an error occurs it can happen the HTML header is already 
printed out and thus I can't use the meta tag anymore. I was thinking about 
javascript or something but other ways are welcome since javascript can be 
disabled in the browser.

Please bear with me, this is the first thing I actually write. I only wrote 
some small things for playing a little, nothing serious and this script will 
be in a commercial environment with database access n stuff. Pretty kewl but 
it has to be as secure and smooth as I can get it :-)

Kind regards,

Ferry van Steen

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to