[thelist] Form Security

DAVOUD TOHIDY dtohidy at hotmail.com
Tue Jul 20 15:30:54 CDT 2010

> I can only verify it's a valid card (using security code or zip code).
> I can't ask them "Did you steal this credit card?" and expect a
> truthful response if they did ;).

Actually through a search I came across the following pdf file:


>From what I see on the page 2 of the above pdf file considering the following statement:

"However, before calling a database’s own escaping mechanism, it’s important to check the state of magic quotes. If magic quotes is enabled, remove any backslashes (\) it may have added;otherwise, the input will be doubly-escaped, effectively corrupting it (because it differs from  the input supplied by the user)."

I need to change the code to :

if (get_magic_quotes_gpc()) {
$name = stripslashes($_POST['name']);
$name = mysql_real_escape_string(strip_tags(htmlentities(trim($name))));

Could you correct me if I am wrong please?


MSN Dating: Find someone special. Start now.

More information about the thelist mailing list