开发者

Is there a reason why I need to use stripslashes for user submitted data?

What do people use stripslashes for and is it typically used in co开发者_Go百科njunction with addslashes? Why should I strip or add slashes to a string that's submitted by a user?


You should always sanitize the user's input. But not with addslashes()... If you want to compose a query with the user's input, use the proper database escaping mechanism (look into mysql_real_escape_string() and PDO prepared statements).

The reason for sanitizing user input is security. Read about SQL injection and cross-site scripting, which are the two most common security problems arising from un-sanitized input.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜