Don holio's Profile

About Me:

Last 10 Comments

1

Chris... Nice post but why not use a regex before using addslashes()?

if(!erg('^[[:graph:][:space:]]*$', $string){ exit();}

This would only allow for whitespace and printable characters found in the range of ASCII 33 to 126 (punctuation and alphanumerics).

i.e.

$string = $_POST['$string'];

if(!erg('^[[:graph:][:space:]]*$', $string){ exit();}

$string = addslashes($string);

or why don't you just stick with mysql's default charset setting UTF-8? Please, correct me if i'm wrong.
Posted in /blog/2006/jan/addslashes-versus-mysql-real-escape-string.

Sat, 07 Mar 2009 at 16:34:48: Link

Stats

Member Since: 07 Mar 2009
Comments: 1

Web Site

claimid.com/don_holi

Blog Posts

Top 5 Blog Posts

Save the Internet with rev="canonical"

10 Apr 2009
62 Comments

My Amazon Anniversary

15 Mar 2007
41 Comments

Allowing HTML and Preventing XSS

14 Mar 2007
66 Comments

addslashes() Versus mysql_real_escape_string()

22 Jan 2006
69 Comments

Google XSS Example

21 Dec 2005
36 Comments

Top 5 Articles

Security Corner: Cross-Site Request Forgeries

13 Dec 2004
75 Comments

The Truth about Sessions

15 Dec 2003
77 Comments

Foiling Cross-Site Attacks

14 Oct 2003
68 Comments

Guru Speak: Storing Sessions in a Database

14 Dec 2004
60 Comments

Guru Speak: How to Avoid "Page Has Expired" Warnings

21 Oct 2004
48 Comments

Work and Books

Analog A web design and development co-operative
Essential PHP Security O'Reilly, 2005
HTTP Developer's Handbook Sams, 2003

Footer