On Fri, 19 Apr 2002, SP wrote:
> Now should I include all those special characters? I want it to be hack
> proof so I don't want to add the user input into my database and have
> something bad happen.
>
> Which ones are safe?
> ~ ` ! @ # $ % ^ & * ( ) _ + - = [ ] \ { } | : " ; ' < > ? , . /
All characters are safe for database use as long as they're handled
properly.
Basically that means escaping ' " and \ which should be taken care of
automatically by addslashes (or by the abominable magic_quotes_gpc if you
happen to have it on).
Now, when you're dealing with path/file names and arguments to external
programs, you need to be more careful...
miguel
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
