Re: Checking password

Panquekas wrote:
> Hello,
> 
> I just want to ask: if I have magic_quotes_gpc ON and use
> preg_quote, is there a problem? One doesn't eliminate the other, or does it?

magic_quotes_gpc sucks - I recommend turning it off, for portability (when you're
running on a machine with magic_quotes_gpc on, you could consider a bit of
code that conditionally undoes the add_slashes).

> 
> Anyway, I'm trying to insert values into the database in a secure way.. by
> checking the special chars (with preg_quote), htmlentities. Is this a good
> policy?

bad bad bad.
preg_quote is specifically for escaping strings you intend to use inside a regular
expression that you feed to one of the preg_*() functions, its purpose is to make it
easy for you to use strings that may contain characters that have special meaning to
preg_*() in situations where you want the literal character to be used as part of the
assertion.

let's assume your database is mysql, then you should be using mysql_real_escape_string()
to escape data that will become part of your SQL queries ... the fact that magic_quotes_gpc
is on will make this more problematic because you really want to get rid of the automatically
added slashes because otherwise you'll end up with slashes in text that has been entered into
your database that were actually meant to be escape characters.

I hope that is a little clear, probably not heh! anyway go have a read and a play with mysql_real_escape_string()
and do a bit of research about magic_quotes_gpc and see how far you get ... you can always
come back here if your head starts to spin.

> 
> Thanks in advance.
> 
> PS: Sorry for my English, I'm a little rusted :)

we recommend Rusteze(r) medicated bumper ointment, "you too could look like me, kachow!"

(that comment couldn't be helped, I've watched 'Cars', the movie, about 300 times)

> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
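
The double-escaping problem described in the reply above, as an added example that is not part of the original thread. The function names are hypothetical, and an in-memory SQLite database with PDO::quote() stands in for MySQL and mysql_real_escape_string(), which needs a live connection (assumes the pdo_sqlite extension is loaded).

```php
<?php
// Added example; helper names are hypothetical, not from the thread.

// Recursively remove the slashes magic_quotes_gpc adds to request data.
function undo_magic_quotes($value)
{
    return is_array($value)
        ? array_map('undo_magic_quotes', $value)
        : stripslashes($value);
}

// True only on old PHP builds where the setting exists and is enabled.
// The function was removed in PHP 8, hence the function_exists() guard.
function magic_quotes_active()
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// What production code would call once, before touching $_GET/$_POST/$_COOKIE.
function clean_request(array $data)
{
    return magic_quotes_active() ? undo_magic_quotes($data) : $data;
}

// Constructed sample: the user typed O'Reilly, and addslashes() reproduces
// what magic_quotes_gpc would have placed in $_POST['name'].
$as_received = addslashes("O'Reilly");
$cleaned     = undo_magic_quotes($as_received);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (label TEXT, name TEXT)');

// Both values get the database's own escaping. Only the first one still
// carries the extra slash, which the database stores as literal data.
$rows = array('magic quotes left in' => $as_received,
              'magic quotes undone'  => $cleaned);
foreach ($rows as $label => $value) {
    $db->exec('INSERT INTO people (label, name) VALUES ('
        . $db->quote($label) . ', ' . $db->quote($value) . ')');
}

foreach ($db->query('SELECT label, name FROM people') as $row) {
    echo str_pad($row['label'], 22), $row['name'], "\n";
}
```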

