Hey there,
once again... sorry but I'm not on the list so please CC me :-)
I was under the assumption that you needed to use addslashes on a var you
retrieve from a form to properly insert it into the database. Well I'm not
using it and I can put ",\n,\t etc in my webform but SQL won't evaluate them
although!! I use double quotes ("var") to insert them. Can anyone explain?
Cuz I'm sorta trying to crack my own database by making malicious statements
like entering into the form
", "next data value", "next data value"); Hack_sql_statement; error on the
rest of the values that sql is trying to parse.
but I'm not succeeding. Which I find totally cool but I don't understand
it.... I truly am/was under the assumption that I needed to prevent such
things by using addslashes() but I guess I'm wrong.
Just curious :-)
Have a nice weekend fellow scripters
Regards
--
PHP General Mailing List (http://www.php.net/)