On Thursday, April 4, 2002, at 02:09 PM, Miguel Cruz wrote:
> I find it much simpler to turn it off, and then just addslashes all
> strings before they go into the database.
I suppose you're right -- the only time you really need to add the
slashes is right before the data gets inserted. I t
On Thu, 4 Apr 2002, Erik Price wrote:
> I was hoping someone could just clarify something for me -- exactly WHAT
> is a Get/Post/Cookie operation in this case -- is it just during the
> uploading of Get/Post/Cookie data from the user agent, or is it also
> when I am taking a $_POST variable and
I believe the escaping only occurs at the time GET/POST/COOKIE data is
brought into the PHP namespace from the server. I recommend you don't
removing escapes from a security standpoint. Do a search on "SQL injection"
to find info on how crackers can mess with you when data from the client is
not e
3 matches
Mail list logo