Hey there, once again... sorry but I'm not on the list so please CC me :-)
I was in the assumption that you needed to use addslashes on a var you retrieve from a form to properly insert it into the database. Well I'm not using it and I can put ",\n,\t etc in my webform but SQL won't evaluate them although!! I use double quotes ("var") to insert them. Can anyone explain? Cuz I'm sortta trying to crack my own database by making malicious statements like entering into the form ", "next data value", "next data value"); Hack_sql_statement; error on the rest of the values that sql is trying to parse. but i'm not succeeding. Which I find totally cool but I don't understand it.... I truely am/was under the assumption that I needed to prevent such things by using addslashes() but I guess I'm wrong. Just curious :-) Have a nice weekend fellow scripters Regards -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]