Do you want to switch/convert? lolOriginally Posted by digimon
php all the way;
Ultimate Techie
Do you want to switch/convert? lol
php all the way;
|--- www.RealJamaicaEstate.com ™ ---|
Invest small = small returns [micro enterprise] | Invest Big = returns Big [macro enterprise]
--- www.fashionsJAMAICA.com ™ -|- www.ChampsJamaica.com ™
Junior Techie
Thuggest u need to sanitise all user input when writing your scripts. Assume that all user input is potentially malicious. This is important not only with SQL but with *ANY* form of user input. Google addslashes() and magic_quotes...
Junior Techie
Can u give me an example of how that piece of code could utilize the addslashes and magic_quotes?
Junior Techie
Magic Quotes is defined in your php.ini file. When it is enabled it automagically escapes php special characters in all user input accessed via $_GET or $_POST such as < > ; " etc. Magic Quotes is enabled by default but in future versions of php it is a deprecated feature and will be turned off by default mainly because it promotes sloppy coding. To manually ensure that you escape special characters in all user input you use the addslashes() function. You can use it like this:
Code:<?php $randomvariable = $_POST['randomvariable']; $sanitizedradomvariable = addslashes($randomvariable); //now u can use $sanitizedrandomvariable without worrrying about any php code //injection ?>
Ultimate Techie
Read these link infos:
addslashes()
1) http://www.w3schools.com/php/func_string_addslashes.asp
2) http://jm2.php.net/addslashes
Magic Quotes
3) http://jm.php.net/magic_quotes
|--- www.RealJamaicaEstate.com ™ ---|
Invest small = small returns [micro enterprise] | Invest Big = returns Big [macro enterprise]
--- www.fashionsJAMAICA.com ™ -|- www.ChampsJamaica.com ™
Junior Techie
Bless sutra, will drop that in asap.
Posting Permissions
Reply With Quote