PEAK XOOPS - Re: How about starting security/development forum 
TOP
>
Forum
>
Etc.
>
Etc.
>
How about starting security/development forum
>
Re: How about starting security/development forum
Re: How about starting security/development forum
Re: How about starting security/development forum
msg# 1.1.1.1
- depth:
- 3
GIJOE
Posts: 4110
Posts: 4110
Quote:
- "user enters url"
You should know some URL's from javascript : or about :
- $myts->addSlashes
You should know $myts->addSlashes behave curiously.
Under the environment magic_quotes_gpc=on, it never escapes slashes.
POST,GET -> ($myts->stripSlashes) -> raw data
raw data -> (addslashes or mysql_*_escape instead of $myts->addSlashes) -> string for MySQL
This is the right way.
stefan88 wrotes:
Well, I have an edit field, where user enters url.
I do " $myts->addSlashes..." before saving into database and "$myts->htmlSpecialChars..." before display.
Is that ok and what else should I do?
- "user enters url"
You should know some URL's from javascript : or about :
- $myts->addSlashes
You should know $myts->addSlashes behave curiously.
Under the environment magic_quotes_gpc=on, it never escapes slashes.
POST,GET -> ($myts->stripSlashes) -> raw data
raw data -> (addslashes or mysql_*_escape instead of $myts->addSlashes) -> string for MySQL
This is the right way.
Votes:9
Average:8.89
Posts tree
-
How about starting security/development forum
(stefan88, 2006/11/16 18:58)
-
Re: How about starting security/development forum
(GIJOE, 2006/11/17 6:54)
-
Re: How about starting security/development forum
(stefan88, 2006/11/18 21:38)
-
Re: How about starting security/development forum
(GIJOE, 2006/11/21 5:11)
-
Re: How about starting security/development forum
(stefan88, 2006/11/21 16:05)
-
-
-
-
Login