>I am trying to make my PHP safe against malicious data user inputs.
>Reading up on this most people suggest using addslashes(), magic_quotes
>on and other things like mysql_escape_string();
>
>But I have been running into the problem that I mess up the user's input
>because I use more than one of these functions in succession on the data.
>
>Is there any way to prevent the "re-escaping"/"re-slashing" of data that
>has already been escaped or slashed?
There are functions to determine if Magic Quotes are on or not.
So, you would do:
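function maybe_addslashes($text = ''){
  // ini_get() gives a false value when the setting is off or absent
  if (ini_get('magic_quotes_gpc')){
    // PHP already slashed this input; do not escape it again
    $result = $text;
  }
  else{
    $result = addslashes($text);
  }
  return $result;
}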
This is not nearly enough to stop 'malicious' data -- It simply makes it
easier to insert the data they have provided to a database...
--
PHP General Mailing List (http://www.php.net/)
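
The double-escaping problem from the question and one way around it, as an added example that is not part of the original thread: undo the automatic slashes once at the entry point, then pass the value to the database as a bound parameter. The function name raw_value, the authors table and the in-memory SQLite database (needs pdo_sqlite) are assumptions for illustration.

```php
<?php
// Added example, not code from the thread. Names are hypothetical.

// Return the value as the user typed it. $magicQuotesOn is a parameter
// so the demo can simulate both server configurations.
function raw_value($value, $magicQuotesOn)
{
    return $magicQuotesOn ? stripslashes($value) : $value;
}

// Constructed sample input.
$typed = "O'Reilly";

// What a script receives under each configuration.
$received = array(
    'magic quotes off' => $typed,
    'magic quotes on'  => addslashes($typed), // server already added slashes
);

// The problem from the question: escaping data that is already escaped
// puts extra backslashes into the stored text.
echo addslashes($received['magic quotes on']), "\n";

// Normalize once, then let the database layer do the quoting through a
// bound parameter (in-memory SQLite; assumes the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authors (name TEXT)');
$insert = $db->prepare('INSERT INTO authors (name) VALUES (:name)');

foreach ($received as $config => $value) {
    $magicQuotesOn = ($config === 'magic quotes on');
    $insert->execute(array(':name' => raw_value($value, $magicQuotesOn)));
}

// Print the stored rows; each one matches the typed text.
foreach ($db->query('SELECT name FROM authors') as $row) {
    echo $row['name'], "\n";
}
```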