TWLan Forum
[tech] Follow guidelines - Printable Version

+----- Thread: [tech] Follow guidelines (/showthread.php?tid=3424)



[tech] Follow guidelines - Lekensteyn - 02.09.2010

stripslashes / database-escaping / addslashes are incorrectly implemented.

When to use addslashes: NEVER

When to use stripslashes: NOT, unless magic_quotes_gpc is turned on. In that case, use the following script to strip all quotes:
PHP Code:
function stripslashes_array($array) {
    // Recurse into nested arrays (e.g. $_POST['foo']['bar']) and strip each string
    return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
}
if (get_magic_quotes_gpc()) {
    $_COOKIE  = stripslashes_array($_COOKIE);
    $_GET     = stripslashes_array($_GET);
    $_POST    = stripslashes_array($_POST);
    $_REQUEST = stripslashes_array($_REQUEST);
}


When to use database-escaping: ALWAYS, but don't forget to filter / check input first.
This fails completely:
PHP Code:
$memo = stripslashes($_POST['memo']);
$db->query("UPDATE users SET memo='$memo' where id=".$user['id']);
And why would you run another stripslashes on the output from the DB?

Better code:
PHP Code:
function getPost($name) {
    // Only accept a string value; anything missing or non-string becomes ''
    return isset($_POST[$name]) && is_string($_POST[$name]) ? $_POST[$name] : '';
}
$memo = getPost('memo');
// Note: %s does no escaping, so $memo must still go through the database
// layer's escaping before this call (see "database-escaping: ALWAYS" above)
$db->query(sprintf('UPDATE users SET memo="%s" WHERE id=%d', $memo, $user['id']));
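Applying the guideline above to the memo update, as an added example that is not code from the thread or from TWLan: PDO prepared statements replace manual escaping, magic_quotes is undone only when it is actually on, and an in-memory SQLite table stands in for the forum's $db wrapper (assumed, since the thread does not show it).

```php
<?php
// Added example, not from the original thread. Requires the pdo_sqlite extension.

// Undo magic_quotes_gpc only when it is on (PHP < 5.4). Running stripslashes
// on input that was never slashed silently eats legitimate backslashes.
function stripslashes_array($value) {
    return is_array($value) ? array_map('stripslashes_array', $value) : stripslashes($value);
}
if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
    $_POST = stripslashes_array($_POST);
}

// Filter / check first: accept only a string and bound its length.
function getPostString(array $post, $name, $maxLen = 1000) {
    if (!isset($post[$name]) || !is_string($post[$name]) || strlen($post[$name]) > $maxLen) {
        return '';
    }
    return $post[$name];
}

// Then let the driver handle quoting: placeholders instead of string interpolation.
function updateMemo(PDO $db, $userId, $memo) {
    $stmt = $db->prepare('UPDATE users SET memo = :memo WHERE id = :id');
    $stmt->bindValue(':memo', $memo, PDO::PARAM_STR);
    $stmt->bindValue(':id', (int) $userId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Self-contained demo with constructed data in place of the real users table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, memo TEXT)');
$db->exec("INSERT INTO users (id, memo) VALUES (7, '')");

// Constructed input containing quotes and a backslash: exactly the characters the
// stripslashes-plus-interpolation code above either corrupts or turns into a broken query.
$fakePost = array('memo' => "Meet at O'Brien's, files in C:\\Users\\lan");
$memo = getPostString($fakePost, 'memo');
updateMemo($db, 7, $memo);

// Compare what was stored with what was submitted: no slashes added or lost.
$stored = $db->query('SELECT memo FROM users WHERE id = 7')->fetchColumn();
var_dump($stored === $memo);
```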



RE: [tech] Follow guidelines - abbar-2 - 02.09.2010

Just a question, isn't that the part that is encrypted in DS Lan??


RE: [tech] Follow guidelines - Lekensteyn - 03.09.2010

I believe that the main developers of DS LAN have access to unobfuscated source code.