
[SOLVED] Is there a need for mysql_real_escape_string() in this case?


Northern Flame


I am using the function htmlentities() to protect my website from people trying to post html on my website, and also I added the ENT_QUOTES option to the function so that it converts double quotes to " and converts single quotes ' so is there a need for me to also use mysql_real_escape_string? I guess what I'm asking is if mysql_real_escape_string() protects against more than single and double quotes.


Sorry but that doesn't sound correct, md5 no escaping. What about if the user is posting a password and it is converted to md5 before getting to the database...

example

<?php
// if a password is coming from the form then I think you need to escape the md5...
$password=mysql_real_escape_string(MD5($_POST['password']));

?>


Why? MD5 only returns alphanumeric in my testing. If you MD5 a SQL injection attempt, you're only going to get a hashed alphanumeric string back.
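
The two questions in this thread can be checked directly. The following is an added example, not code from any poster: it takes the bytes the PHP manual lists as escaped by mysql_real_escape_string(), reports which of them htmlentities() with ENT_QUOTES leaves unchanged, checks the shape of md5() output, and then stores input with a bound parameter and HTML-encodes it only on output. The function names, table name and sample strings are constructed for illustration, and in-memory SQLite via PDO stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Bytes the PHP manual lists as escaped by mysql_real_escape_string().
$sqlSpecial = [
    'NUL'             => "\x00",
    'newline'         => "\n",
    'carriage return' => "\r",
    'backslash'       => "\\",
    'single quote'    => "'",
    'double quote'    => '"',
    'Ctrl-Z'          => "\x1a",
];

// Names of the bytes that htmlentities(..., ENT_QUOTES) returns unchanged.
function untouched_by_htmlentities(array $chars): array
{
    $left = [];
    foreach ($chars as $name => $c) {
        if (htmlentities($c, ENT_QUOTES, 'UTF-8') === $c) {
            $left[] = $name;
        }
    }
    return $left;
}

// md5() returns 32 lowercase hex digits whatever the input contains.
function md5_is_hex(string $input): bool
{
    return preg_match('/\A[0-9a-f]{32}\z/', md5($input)) === 1;
}

echo "Not encoded by htmlentities: ",
     implode(', ', untouched_by_htmlentities($sqlSpecial)), "\n";
echo "md5 of quoted input is hex only: ",
     var_export(md5_is_hex("it's a \"test\" \\ value"), true), "\n";

// Escape per context: bind the raw value as a parameter when storing and
// HTML-encode only when printing. SQLite in memory stands in for MySQL (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (body TEXT)');
$raw = "O'Reilly said \"hi\" \\ <b>bold</b>";   // constructed sample input
$pdo->prepare('INSERT INTO comments (body) VALUES (?)')->execute([$raw]);
$stored = $pdo->query('SELECT body FROM comments')->fetchColumn();
echo "Stored unchanged: ", var_export($stored === $raw, true), "\n";
echo "Rendered: ", htmlentities($stored, ENT_QUOTES, 'UTF-8'), "\n";
```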
