RE: [PHP] SQL security

2003-10-17 Thread Chris W. Parker
Mike Migurski on Friday, October 17, 2003 9:15 AM said:

> There is a magic quotes feature,
> which adds slashes to request variable. You may be thinking of that:

Whoops! Yeah, that's what I'm talking about.

Chris.

--
Don't like reformatting your Outlook replies?

RE: [PHP] SQL security

2003-10-17 Thread Mike Migurski
>> If you're using MySQL, you can use mysql_real_escape_string(). If
>> you're using another database, hopefully there is a similar function.
>
>Doesn't MySQL automatically protect against attacks like SQL injection?
>Or maybe it's that it automatically applies addslashes()? I can't
>remember exac

RE: [PHP] SQL security

2003-10-17 Thread Chris Shiflett
--- "Chris W. Parker" <[EMAIL PROTECTED]> wrote:

> Doesn't MySQL automatically protect against attacks like SQL
> injection? Or maybe it's that it automatically applies addslashes()?

Nope and nope. What you might be thinking of is that mysql_query() only allows a single query to be executed. This

RE: [PHP] SQL security

2003-10-17 Thread Chris W. Parker
Eugene Lee on Friday, October 17, 2003 8:20 AM said:

> If you're using MySQL, you can use mysql_real_escape_string(). If
> you're using another database, hopefully there is a similar function.

Doesn't MySQL automatically protect against attacks like SQL injection?

Re: [PHP] SQL security

2003-10-17 Thread Eugene Lee
On Fri, Oct 17, 2003 at 09:38:12AM -0500, Jeremy Russell wrote:
:
:I was just sitting here thinking how to secure my php code and
: thought I would run it by the pros. I don't know what the standard
: practice is to secure against sql injection and malformed information
: passed from forms.

Re: [PHP] SQL security

2003-10-17 Thread Chris Shiflett
--- Jeremy Russell <[EMAIL PROTECTED]> wrote: > I was just sitting here thinking how to secure my php code and > thought I would run it by the pros. I don't know what the standard > practice is to secure against sql injection and malformed information > passed from forms. This probably has been don