[thelist] Form Security

Jack Timmons codeacula at codeacula.com
Tue Jul 20 15:38:18 CDT 2010


On Tue, Jul 20, 2010 at 3:30 PM, DAVOUD TOHIDY <dtohidy at hotmail.com> wrote:
> if (get_magic_quotes_gpc()) {
> $name = stripslashes($_POST['name']);
> }
> $name = mysql_real_escape_string(strip_tags(htmlentities(trim($name))));

On Tue, Jul 20, 2010 at 8:42 AM, Jack Timmons <codeacula at codeacula.com> wrote:
> Then, you're running stripslashes, which...well, if you read the
> documentation on stripslashes in PHP, you'd understand what you need
> to do to see if you should run stripslashes.

That would be a good start. Make sure you, as suggested, go over the
documentation and see why, the examples, etc.

-- 
Jack Timmons
@_Codeacula


More information about the thelist mailing list