RE: Input field

1. Probably that's because the function mysql_real_escape_string() is turned on.
  You can check that in your php.ini configuration.

2. If you want to display them as you wanted, you can use stripcslashes() on your output contents.

3. Maybe phpmyadmin automatically stripped that out.

And

1. Any user input should be escaped before it goes to the database.
    You can use htmlentities(), addslashes(), strip_tags(), etc...

2. You can encapsulate those functions in a function, and use it for each user input.

3. Not sure. Probably they do.
    Anybody any ideas?


Regards,
Shelley

-----Original Message-----
From: Ronald Wiplinger [mailto:ronald@xxxxxxxxx]
Sent: Wednesday, November 14, 2007 9:52 AM
To: PHP General list
Subject:  Input field

I just added into an input field:

19" enclosure

which was displayed from the database as:

19\" enclosure


That gives me some questions:
1. Where does the protecting slash come from?
2. How can I get rid of it when I want to display that field?
3. The slash is not visible in phpmyadmin, why not?

and:

1. what else do I need to take care of with input fields if they are going to a mysql database?
2. can I use a function for that kind of protection for each field - or even better just flag it in php to protect?
3. is HTTP_REFERER & session-id enough to make sure that no variables can be injected?

bye

Ronald

--
PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
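
Added example (not part of either message): how a backslash becomes part of the stored data when slash-escaping is applied before a parameterized insert, next to binding the raw value and HTML-escaping only on output. It assumes the pdo_sqlite extension, with an in-memory SQLite database standing in for MySQL so it runs offline; the table and function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumptions: pdo_sqlite is available
// (an in-memory SQLite database stands in for MySQL), and the table and helper
// names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, label TEXT NOT NULL)');

// Constructed sample input, as typed into the form field.
$input = '19" enclosure';

// Store a value with a bound parameter: the driver keeps data separate from
// the SQL text, so no manual slash-escaping is needed.
function store_label(PDO $pdo, string $label): int
{
    $stmt = $pdo->prepare('INSERT INTO items (label) VALUES (:label)');
    $stmt->execute([':label' => $label]);
    return (int) $pdo->lastInsertId();
}

function load_label(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT label FROM items WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Escape for the HTML context only at output time.
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Case 1: slashes added up front (by addslashes() or an automatic quoting
// setting) become part of the data once the value is bound as a parameter.
$slashedId = store_label($pdo, addslashes($input));

// Case 2: the raw value goes straight into the bound parameter.
$rawId = store_label($pdo, $input);

foreach (['slashed first' => $slashedId, 'raw + bound' => $rawId] as $name => $id) {
    $stored = load_label($pdo, $id);
    printf("%-14s stored: %-16s html: %s\n", $name, $stored, html($stored));
}
```

The first row keeps the backslash in the stored value and in the rendered HTML; the second stores the text exactly as typed and only the HTML output carries an entity for the quote.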

