Jump to content

Archived

This topic is now archived and is closed to further replies.

bilis_money

Making a TEXT FIELD secure!, how?

Recommended Posts

Ok, i'm  trying to make a search box for my website.
and everything is working fine.

now at the moment of testing and looking for holes i notice that
when i type these ~, !, @, #, $, %, ^, &, *< (), (, ., *.* and etc.
it produces error messages or will display all the records and etc.

now i know that this is not intended to do this way but i think this is one of the holes that a cracker can exploit.

I'm was thinking if this can be solve by using stripslashes() or related with this? I'm hoping that you can give me advice on this, on how to remove this problem.


Thank you very much in advance.



Share this post


Link to post
Share on other sites
mysql_escape_string
http://us2.php.net/mysql_escape_string

mysql_real_escape_string
http://us2.php.net/manual/en/function.mysql-real-escape-string.php

Share this post


Link to post
Share on other sites
[quote]
Description
string mysql_escape_string ( string unescaped_string )


This function will escape the unescaped_string, so that it is safe to place it in a mysql_query(). This function is deprecated.

This function is identical to mysql_real_escape_string() except that mysql_real_escape_string() takes a connection handler and escapes the string according to the current character set. mysql_escape_string() does not take a connection argument and does not respect the current charset setting.
[/quote]

It pretty much is sayin that _real_escape is the newer version...

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.