sttripslashes, addslashes, magic quotes, queries...
I have been doing some reading and I get different answers from different sources. My question comes into play regarding the integrity of securing database queries.
For the longest time, I have simply been checking my magic quotes settings and addslashes if it was off. Today I was reading an article and I believe I should ALSO be stripping the slashes if magic quotes is on when using mysql_real_escape_string. Is this true and if so, what does this do? Double escaping??
I've also come to find that neither protects you from attacks using LIKE and similar. I had a hard time finding an answer to preventing these attacks, some relied on str_replace and other methods but .. should I be using addcslashes instead of using addslashes to excape this data? I've been reading up at the manual for awhile researching this problem and it seems like a good solution, though I have never used it to see any results. Would this be safe?
|All times are GMT. The time now is 02:51 PM.|
Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0