phpbb.com and google xss vuln
Posted: Tue Feb 28, 2006 4:32 pm
by neophyte
phpBB.com is down today for maintenance. I also just finished reading about this:
http://shiflett.org/archive/184
Comments anyone?
Posted: Tue Feb 28, 2006 4:59 pm
by John Cartwright
Pretty much speaks for itself, and it has been recommended for quite some time now not to use addslashes to validate MySQL strings.
Posted: Tue Feb 28, 2006 5:08 pm
by neophyte
Am I correct in assuming that str_replace is not any better?
Posted: Tue Feb 28, 2006 5:17 pm
by John Cartwright
mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.
Why would you want to use str_replace when you could simply use mysql_real_escape_string()?
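To see concretely which bytes the two approaches differ on, here is an added PHP illustration (not code from phpBB, this thread, or Shiflett's article); escape_like_mysql() is a hypothetical helper that reproduces the character list from the post above but, unlike the real library call, knows nothing about the connection's character set.

```php
<?php
// Added illustration for this thread, not phpBB's or Shiflett's code.
// Compares what addslashes() escapes with the character list that
// mysql_real_escape_string() handles (\x00, \n, \r, \, ', " and \x1a).

// Hypothetical pure-PHP stand-in for that character list, for offline
// comparison only. The real function additionally consults the connection
// character set, which this helper cannot do.
function escape_like_mysql(string $s): string {
    return strtr($s, [
        "\x00" => '\\0',
        "\n"   => '\\n',
        "\r"   => '\\r',
        '\\'   => '\\\\',
        "'"    => "\\'",
        '"'    => '\\"',
        "\x1a" => '\\Z',
    ]);
}

// True if any raw NUL, newline, CR or Ctrl-Z byte survives escaping.
function has_raw_control_bytes(string $escaped): bool {
    return preg_match('/[\x00\n\r\x1a]/', $escaped) === 1;
}

// Constructed sample input: a quote plus a NUL and a Ctrl-Z, bytes that
// addslashes() leaves untouched.
$input = "O'Reilly\x00\x1a";

$viaAddslashes = addslashes($input);
$viaMysqlList  = escape_like_mysql($input);

// Render control bytes visibly so the difference shows on a terminal.
printf("addslashes:  %s\n", addcslashes($viaAddslashes, "\0..\37"));
printf("mysql-style: %s\n", addcslashes($viaMysqlList, "\0..\37"));

// Both escape the quote; only the MySQL-style list neutralises the control bytes.
var_dump(has_raw_control_bytes($viaAddslashes));
var_dump(has_raw_control_bytes($viaMysqlList));

// Against a live server, set the charset first and use the connection-aware
// call (or, better, a prepared statement) so escaping matches the encoding:
// $db->set_charset('utf8mb4'); $safe = $db->real_escape_string($input);
```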
Posted: Tue Feb 28, 2006 6:03 pm
by neophyte
It's not me. I'm sold. It's phpBB...