Hey there, I was once told I need to use addslashes and stripslashes on data I get from the web and insert into the database. I'd like to know why?!?! See I know that with other languages you could use special chars to hack/crack the database, but even without add/strip slashes I can't seem to manage.... I have a text field I inserted into the database and I entered stuff like this: ~!@#$%^&*()_+~!@#$%^&*()_+|\\||\[]{};:'".>,</? since quotes n stuff aren't nicely closed now I'd expect an error if this was crack/hackable however it just inserts fine without any problems whatsoever. I'm using PHP 4.0.6 and MySQL 4.23.43 (I think haven't checked...) Also when I go to the page where the data is retrieved from the database and put in HTML I see EXACTLY what I entered. So it doesn't appear to me I'd need these add/strip slashes functions. Any comments would be greatly appreciated.
Also I'm looking for a small feature of HTML. I know this isn't the right list so if you guys don't reply no hard feelings. At this moment I use meta to refresh (go back to the form) after entering the data, you'll see a page that it's succeeded (or failed for that matter) and than after 3 secs you'll go back to the main empty form. However, I'd like to know a way other than meta, since when an error occurs it can happen the HTML header is already printed out and thus I can't use the meta tag anymore. I was thinking about javascript or something but other ways are welcome since javascript can be disabled in the browser. Please bear with me, this is the first thing I actually write. I only wrote some small things for playing a little, nothing serious and this script will be in a commercial environment with database access n stuff. Pretty kewl but it has to be as secure and smooth as I can get it :-) Kind regards, Ferry van Steen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]