ntroduction
The addslashes() function is used to add backslashes [\] to data submitted from your forms. This keeps the input MySQL (and other coding languages) friendly. What this means is that addslashes() would change:
I'm Vinod
to:
I\'m Vinod
This function controls SQL injection; in other words you pass a special character, for example:
$fname = $_POST[fname];
$sql="insert into user(fname) value($fname)";
x=(fname)value('Ram's');
This form is called SQL injection. Already (Magic_Quates_GPC)= On otherwise go to PHP ini setting GPC means G for GET, P for POST, and C for COOKIES.
Syntax
The addslashes() function is used to add backslashes [\] to data submitted from your forms. This keeps the input MySQL (and other coding languages) friendly. What this means is that addslashes() would change:
I'm Vinod
to:
I\'m Vinod
This function controls SQL injection; in other words you pass a special character, for example:
$fname = $_POST[fname];
$sql="insert into user(fname) value($fname)";
x=(fname)value('Ram's');
This form is called SQL injection. Already (Magic_Quates_GPC)= On otherwise go to PHP ini setting GPC means G for GET, P for POST, and C for COOKIES.
Syntax
addslashes($string_data)
|
Example
php
$x="ram's"."
"."
";
"."
";
echo addslashes($x);
?>
php
$str = "Who's vinod?"."
"."
";
"."
";
echo $str . " This is not safe in a database query.
"."
";
"."
";
echo addslashes($str) . " This is safe in a database query.";
?>
Output
The stripslashes() function
is used to remove backslashes from data. One use of this function is to
display data that addslashes() has been applied to. What this means is
that stripslashes() would change:
I\'m very Powerful
into:
I'm very powerful
Using stripslashes() after mysql_real_escape_string
Syntax
stripslashes(string)
|
Note This function can be used to clean up data retrieved from a database or from an HTML form.
I
have been reading most recently about prevention of SQL injection and I
am trying to develop some sense of understanding among the various
functions so that I can learn the basics.
I
have read about mysql_real_escape_string and I understand that it is
basically escaping characters which it deems "special" so that it is not
confused for SQL syntax?
Example
php
$said = 'Who said \"Live long and prosper\"?'."
"."
";
"."
";
;
print stripslashes($said);
?>
php
echo stripslashes("Who\'s Sharad?");
?>
No comments:
Post a Comment