SQL injections protection
12-05-2007, 05:15 PM
La Vida es Sueño
Join Date: Sep 2007
Originally Posted by
Which method is better? the mysql_real_escape_string() or addslashes()? And why? Sorry just curious, because I've seen a few SQL Injection protection measure articles, and some say use addslashes, and some say use the real_escape_string... What's the difference?
is PHP's idea of what should be escaped, whilst
is what MySQL knows has to be escaped, and as it's for MySQL I'd be a lot more inclined to go for
any day. Apparently they are removing
from PHP 6.
One site I hacked a while ago was Tutorialized.com. You can often tell which sites are vulnerable just by adding a single quote in random places, such as in the URL:
The man who comes back through the Door in the Wall will never be quite the same as the man who went out.
The Following User Says Thank You to Wildhoney For This Useful Post:
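Added example, not part of the original post: a small Python model of the two escape sets, showing which bytes only the MySQL-side routine rewrites. The tables follow the documented behaviour of PHP's addslashes() and MySQL's mysql_real_escape_string(); the function names and sample inputs here are constructed for illustration, and the model assumes a single-byte connection character set.

```python
# Model of the documented escape sets. This is not PHP's or MySQL's source code.
# addslashes() rewrites NUL, single quote, double quote and backslash.
ADDSLASHES = {0x00: b"\\0", 0x27: b"\\'", 0x22: b'\\"', 0x5C: b"\\\\"}
# mysql_real_escape_string() additionally rewrites LF, CR and Ctrl-Z, and the
# real function also takes the connection character set into account, which
# this single-byte model does not attempt to reproduce.
MYSQL_REAL_ESCAPE = dict(ADDSLASHES)
MYSQL_REAL_ESCAPE.update({0x0A: b"\\n", 0x0D: b"\\r", 0x1A: b"\\Z"})


def _escape(data, table):
    """Rewrite every byte that has an entry in `table`, copy the rest."""
    return b"".join(table.get(b, bytes([b])) for b in data)


def addslashes_model(data):
    return _escape(data, ADDSLASHES)


def mysql_real_escape_model(data):
    return _escape(data, MYSQL_REAL_ESCAPE)


def handled_differently(data):
    """Byte values in `data` that only the MySQL routine rewrites."""
    return sorted({b for b in data
                   if b in MYSQL_REAL_ESCAPE and b not in ADDSLASHES})


def compare(samples):
    """Return (input, addslashes output, MySQL output) where the two differ."""
    rows = []
    for s in samples:
        a, m = addslashes_model(s), mysql_real_escape_model(s)
        if a != m:
            rows.append((s, a, m))
    return rows


# Constructed sample inputs.
SAMPLES = [b"O'Reilly", b'say "hi"', b"C:\\temp", b"line1\r\nline2", b"eof\x1a"]

if __name__ == "__main__":
    for src, a, m in compare(SAMPLES):
        print(repr(src), "->", repr(a), "vs", repr(m))
```

Either routine only makes a value safe inside a quoted string literal; bound parameters (prepared statements) avoid the escaping question entirely.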