Is this okay?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

mikelbring
Forum Commoner
Posts: 38
Joined: Sat Jan 05, 2008 5:28 pm

Is this okay?

Post by mikelbring »

After I run mysql_real_escape_string on a variable, is it okay to also run stripslashes? There is a reason for this and I do have magic quotes turned off.
jaoudestudios
DevNet Resident
Posts: 1483
Joined: Wed Jun 18, 2008 8:32 am
Location: Surrey

Re: Is this okay?

Post by jaoudestudios »

I don't think so. If you run stripslashes after your mysql_real_escape_string you will be reversing and reducing your security.

Hopefully someone can clarify :)
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Is this okay?

Post by Mordred »

jaoudestudios is right. I actually think you shouldn't have any reason to use stripslashes at all. (besides countering magic quotes if the hosting will not just turn them off)
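What the replies above describe, as an added example that is not part of the thread: running stripslashes() on an escaped value hands back the raw input, so the query text ends up with the original quote in it. Assumptions: addslashes() stands in for mysql_real_escape_string() so the script runs without a MySQL connection, the `users` table and the sample value are constructed, and the bound-parameter half uses an in-memory SQLite database through PDO.

```php
<?php
declare(strict_types=1);

// Count single quotes that are not preceded by a backslash, i.e. quotes
// that would act as string delimiters in the SQL text.
function unescapedQuotes(string $s): int
{
    return (int) preg_match_all("/(?<!\\\\)'/", $s);
}

$input = "O'Reilly";                 // constructed sample value

// Stand-in for mysql_real_escape_string(), which needs a live connection.
$escaped  = addslashes($input);
$stripped = stripslashes($escaped);  // the step asked about in the thread

echo "escaped:  $escaped\n";
echo "stripped: $stripped\n";
echo "stripped equals raw input: ", var_export($stripped === $input, true), "\n";

foreach (['escaped' => $escaped, 'stripped' => $stripped] as $label => $value) {
    $sql = "SELECT id FROM users WHERE name = '$value'";
    // Two unescaped quotes means the value stayed inside its literal;
    // any more means the value closed the literal early.
    printf("%-8s %s  (unescaped quotes: %d)\n", $label, $sql, unescapedQuotes($sql));
}

// Parameter binding: the value never becomes part of the SQL text, so there
// is nothing to escape and nothing for stripslashes() to undo.
$pdo = new PDO('sqlite::memory:');   // assumption: pdo_sqlite is available
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)'); // hypothetical table
$pdo->prepare('INSERT INTO users (name) VALUES (?)')->execute([$input]);

$stmt = $pdo->prepare('SELECT name FROM users WHERE name = ?');
$stmt->execute([$input]);
echo "stored via bound parameter: ", $stmt->fetchColumn(), "\n";
```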