[nycphp-talk] Best practice for escaping data

Chris Shiflett shiflett at php.net
Thu Feb 15 19:30:12 EST 2007


Randal Rust wrote:
> In order to work in this new environment, I just added
> addslashes() to all of the data, but now it won't pass the
> validateMixed() function because of the backslashes.

That sounds as bad as enabling magic quotes. There's a function on the
NYPHP web site called fix_magic_quotes() that you can use to repair data
that has been mangled:

http://nyphp.org/phundamentals/storingretrieving.php

As an aside, your filtering looks very lenient. What is the purpose of
that particular function?

Chris

-- 
Chris Shiflett
http://shiflett.org/
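
The ordering problem discussed in this message, as an added example that is not part of the original post or the NYPHP site's code: escaping before filtering makes legitimate input fail validation, while filtering the raw value and leaving quoting to a bound parameter does not. The validator `is_valid_name()` is a hypothetical stand-in for the poster's `validateMixed()` (whose rules are not shown in the thread), the input is constructed, and the in-memory SQLite database assumes the `pdo_sqlite` extension.

```php
<?php
// Hypothetical whitelist filter standing in for validateMixed();
// the real function's rules do not appear in the thread.
function is_valid_name(string $s): bool
{
    // Letters, apostrophe, space and hyphen only, 1 to 40 characters.
    return preg_match("/^[A-Za-z' -]{1,40}$/", $s) === 1;
}

// Store a value using a bound parameter; no manual escaping is involved.
function store_name(PDO $db, string $name): void
{
    $stmt = $db->prepare('INSERT INTO people (name) VALUES (?)');
    $stmt->execute([$name]);
}

$raw = "O'Reilly"; // constructed sample input

// Order described in the quoted post: escape everything, then validate.
// addslashes() puts a backslash before the apostrophe, and a backslash
// is not in the whitelist, so good data is rejected.
$escaped = addslashes($raw);
echo 'escaped first, then validated: ';
var_dump(is_valid_name($escaped));

// Filter the raw value first; escaping belongs at the point of use.
echo 'raw value validated: ';
var_dump(is_valid_name($raw));

if (is_valid_name($raw)) {
    $db = new PDO('sqlite::memory:'); // assumption: pdo_sqlite is loaded
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE people (name TEXT)');
    store_name($db, $raw);

    // The stored value round-trips unchanged, with no stray backslash.
    $stored = $db->query('SELECT name FROM people')->fetchColumn();
    echo 'stored value matches input: ';
    var_dump($stored === $raw);
}
```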


