
Anyone


waynew


And I hate mysql_real_escape_string.  People just throw it on everything and send it off to the database, as the answer to validation.  Someone entered in abcd instead of a phone number? Who cares! We mysql_real_escape_stringed it, it's all good!

 

Couldn't agree more.

 

LOL FU H4XORZ YOU CANT HAX MAH DATABA-WAIT WTF IS THIS SHIT

https://forums.phpfreaks.com/topic/161861-anyone/#findComment-854008

And I hate mysql_real_escape_string.  People just throw it on everything and send it off to the database, as the answer to validation.  Someone entered in abcd instead of a phone number? Who cares! We mysql_real_escape_stringed it, it's all good!

 

Pfft... who needs data integrity? That's just a fancy smart ass buzz word.

https://forums.phpfreaks.com/topic/161861-anyone/#findComment-854011

And I hate mysql_real_escape_string.  People just throw it on everything and send it off to the database, as the answer to validation.  Someone entered in abcd instead of a phone number? Who cares! We mysql_real_escape_stringed it, it's all good!

 

Pfft... who needs data integrity? That's just a fancy smart ass buzz word.

 

GARBAGE WAH?

https://forums.phpfreaks.com/topic/161861-anyone/#findComment-854012

CV, guess you'd hate me as I mysql_real_escape_string everything that a user sends that goes into the DB. Also, how much more efficient can an "integrity check" be than mysql_real_escape_string everything that a user submits?

 

Is there a tutorial on this issue that people have made or something? I am quite unaware, apparently.

https://forums.phpfreaks.com/topic/161861-anyone/#findComment-854074

I think you missed the part where instead of having your script check to see if the user actually entered in a (for example) validly formatted number, it just escapes it and sends it on its way.  So next thing you know, you have a database full of phone numbers like "abc" "abbclksdfja" etc... which guess what, they are escaped...but they aren't phone numbers!

 

You should have been doing something more like this:

 

<?php
// Keep only the digits the user typed, then require exactly ten of them.
$phone = preg_replace('~[^0-9]~', '', isset($_POST['phone']) ? $_POST['phone'] : '');
if (!preg_match('~^[0-9]{10}$~', $phone)) {
  // tell the user they must supply a valid 10 digit number
} else {
  // $phone is valid. store it and it will be stored as 1234567890  so...no need to escape!
}

https://forums.phpfreaks.com/topic/161861-anyone/#findComment-854082
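The point of the thread, shown end to end as an added example that is not from any of the posters: escaping only answers "can this string sit inside a quoted SQL literal without breaking the query?", while validation answers "is this actually a phone number?". The snippet below runs both approaches over the same constructed submissions against an in-memory SQLite table (standing in for MySQL so it needs no server; it assumes the pdo_sqlite extension is loaded). The function name normalizePhone and the contacts table are the example's own inventions; PDO::quote plays the role mysql_real_escape_string played in the thread.

```php
<?php
// Added example, not code from the forum thread.

/**
 * Strip non-digits and require exactly ten digits, mirroring the check in the post above.
 * Returns the normalised number, or null when the input is not a phone number at all.
 */
function normalizePhone(string $raw): ?string
{
    $digits = preg_replace('~[^0-9]~', '', $raw);
    return preg_match('~^[0-9]{10}$~', $digits) === 1 ? $digits : null;
}

// In-memory SQLite so the example runs offline (assumption: pdo_sqlite is available).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (id INTEGER PRIMARY KEY, phone TEXT NOT NULL)');

// Constructed sample submissions: one real number, one garbage value, one containing a quote.
$submissions = ['(555) 123-4567', 'abcd', "O'Reilly"];

// 1. "Escape everything" only. The quote is handled, so the query does not break,
//    but 'abcd' and "O'Reilly" land in the phone column unchallenged.
foreach ($submissions as $raw) {
    $quoted = $db->quote($raw);                       // escaping step, like mysql_real_escape_string()
    $db->exec("INSERT INTO contacts (phone) VALUES ($quoted)");
}
$escapedOnly = $db->query('SELECT phone FROM contacts')->fetchAll(PDO::FETCH_COLUMN);

// 2. Validate first, then bind the value with a prepared statement. Garbage never
//    reaches SQL, and the accepted value is passed as a parameter, not interpolated.
$db->exec('DELETE FROM contacts');
$insert = $db->prepare('INSERT INTO contacts (phone) VALUES (:phone)');
$rejected = [];
foreach ($submissions as $raw) {
    $phone = normalizePhone($raw);
    if ($phone === null) {
        $rejected[] = $raw;                           // tell the user to supply a valid 10 digit number
        continue;
    }
    $insert->execute([':phone' => $phone]);
}
$validated = $db->query('SELECT phone FROM contacts')->fetchAll(PDO::FETCH_COLUMN);

printf("escaping only stored : %s\n", implode(', ', $escapedOnly));   // all three strings
printf("validated stored     : %s\n", implode(', ', $validated));     // 5551234567
printf("validated rejected   : %s\n", implode(', ', $rejected));      // abcd, O'Reilly
```

Both halves use the same submissions; only the second one leaves the table containing nothing but ten-digit numbers. Note that validation and parameterisation are complementary, not alternatives: the whitelist check keeps the data meaningful, and the bound parameter keeps the query shape fixed regardless of what the value contains.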
