TalkPHP - View Single Post

Wildhoney · 02-11-2009, 12:03 AM

Although that is correct and there are no security implications in such code, you must remain consistent if you're not going to escape passwords. Take the following as a key example as to why you must remain consistent in either escaping or not escaping:

php Code:

$szString = "'Test'";
echo md5($szString);
echo "\n";
echo md5(mysql_real_escape_string($szString));

As you can see, the two MD5 strings now differ because the former has no slashes, and the latter has slashes to escape the single quotes.

02-11-2009, 12:03 AM	#4 (permalink)
Wildhoney La Vida es Sueño Join Date: Sep 2007 Location: Oldham Posts: 2,280 Thanks: 90	Although that is correct and there are no security implications in such code, you must remain consistent if you're not going to escape passwords. Take the following as a key example as to why you must remain consistent in either escaping or not escaping: php Code: $szString = "'Test'"; echo md5($szString); echo "\n"; echo md5(mysql_real_escape_string($szString)); As you can see, the two MD5 strings now differ because the former has no slashes, and the latter has slashes to escape the single quotes. __________________ The man who comes back through the Door in the Wall will never be quite the same as the man who went out.