On Wednesday, July 3, 2002, at 10:21  AM, Jean-Christian Imbeault wrote:

> Security question: Is turning off magic_quotes and using 
> strip/addslashes() a 100% effective solution against malicious user 
> input?


Think about what {add|strip}slashes() does.  It simply adds slashes to 
strings, and strips them from strings, depending on certain rules (like 
the location of apostrophes or other special characters in those 

There are far more ways for malicious users to insert their own input 
than I even know of, let alone know how to handle.

Consider using add/strip a requirement, not a security precaution.



Erik Price
Web Developer Temp
Media Lab, H.H. Brown

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to