Re: [PHP] Filtering out \ when a ' is user entered?
Marcus James Christian said:
: \' How can I filter out these backslashes so they don't appear on the
: final public viewable page?

That's due to the magic_quotes variables in the PHP settings. You can apply 'stripslashes()' to the string:

    $what_they_said = stripslashes($what_they_said);

This also will convert \n to a new line, etc, in the string. If you don't want that, and just want to rip any \ characters out (assuming your users *never* enter a slash intentionally) then try:

    $what_they_said = ereg_replace('\\\\', '', $what_they_said);

Turu.
--
Stephen Cope - http://sdc.org.nz/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Stopping stolen / spoofed / linked sessions
: defeats the purpose of PHP sessions. I can check the HTTP_REFERER to see if
: the user came from my own site, but that can be spoofed. I can log and check
: the user's IP address, but that can't be relied upon.
:
: Is there any reliable way around this? Am I missing something obvious?

On the server where you are storing the session ID, also include her User-Agent and remote IP. Remote IP has some flaws when a proxy cache is involved. User-Agent stays the same fairly much through an entire session. Hopefully they aren't using *exactly* the same browser and IP.

Or use one-time session tokens that get reissued after each request and then invalidated. Breaks reloads and back functionality.

Turu.
--
Stephen Cope - http://sdc.org.nz/
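
The two checks suggested in the reply above (binding the session to User-Agent and remote IP, and rotating a one-time token on every request), as an added example that is not part of the original thread or its author's code. The function names are hypothetical, and `$sess` and `$server` stand in for `$_SESSION` and `$_SERVER` so the script runs from the command line with constructed sample requests.

```php
<?php
// Added example, not code from the thread. All function names are hypothetical.
// $sess stands in for $_SESSION and $server for $_SERVER so this runs from the CLI.

// Hash the two client attributes the reply suggests storing with the session ID.
function client_fingerprint(array $server): string {
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    $ip = $server['REMOTE_ADDR'] ?? '';
    return hash('sha256', $ua . "\n" . $ip);
}

// At login: bind the session to the client and issue the first one-time token.
function bind_session(array &$sess, array $server): string {
    $sess['fp'] = client_fingerprint($server);
    return $sess['token'] = bin2hex(random_bytes(16));
}

// On every request: the fingerprint must match and the token must be the one
// issued last. Success rotates the token; any mismatch destroys the session.
function check_request(array &$sess, array $server, string $token): ?string {
    $ok = isset($sess['fp'], $sess['token'])
        && hash_equals($sess['fp'], client_fingerprint($server))
        && hash_equals($sess['token'], $token);
    if (!$ok) {
        $sess = [];   // a mismatch may mean the session ID was copied elsewhere
        return null;
    }
    return $sess['token'] = bin2hex(random_bytes(16));
}

// Constructed sample clients (documentation address ranges).
$user  = ['HTTP_USER_AGENT' => 'ExampleBrowser/1.0', 'REMOTE_ADDR' => '192.0.2.10'];
$other = ['HTTP_USER_AGENT' => 'ExampleBrowser/2.0', 'REMOTE_ADDR' => '198.51.100.7'];

$sess = [];
$t1 = bind_session($sess, $user);
$t2 = check_request($sess, $user, $t1);            // normal follow-up request
var_dump(is_string($t2) && $t2 !== $t1);

// Same session data presented from a different browser and address.
$copy = $sess;
var_dump(check_request($copy, $other, $t2));

// Reload: the user's own browser resends the token it already spent.
var_dump(check_request($sess, $user, $t1));
var_dump($sess);
```

The last call is the reload case the reply warns about: a legitimate user who resends a spent token goes down the same rejection path as a copied session. A user whose requests arrive through a changing proxy address would fail the fingerprint check in the same way.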