SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Enthusiast
    Join Date
    Apr 2003
    Location
    PHP World
    Posts
    57
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    COOKIE and SQL Injection

    Hello ..

    for example :

    PHP Code:
    $query mysql_query("SELECT * FROM table WHERE username='" $_COOKIE['username'] . "'"); 
    magic_quotes is off , what is solution ?

  2. #2
    SitePoint Guru
    Join Date
    Jul 2004
    Location
    Netherlands
    Posts
    672
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    http://nl3.php.net/manual/en/functio...ape-string.php

    Note that you can use a function where you check wether magic quotes is on or off, and escape if necessary..
    Go visit my site :-D you know you want to ;-)
    www.mech7.net

  3. #3
    SitePoint Enthusiast
    Join Date
    Apr 2003
    Location
    PHP World
    Posts
    57
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thanks but what about addslashes ?

  4. #4
    PHP/Rails Developer Czaries's Avatar
    Join Date
    May 2004
    Location
    Central USA
    Posts
    806
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You do not need addslashes when using that function - it will take care of everything for you.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •