[tech] Follow guidelines
#1
stripslashes / database-escaping / addslashes are incorrectly implemented.

When to use addslashes: NEVER

When to use stripslashes: NOT, unless magic_quotes_gpc is turned on. In that case, use the following script to strip all quotes:
PHP Code:
// Recursively undo the quoting magic_quotes_gpc applied to request data,
// so that every value is handled exactly once by the database escaping later.
function stripslashes_array($array){
    return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
}
// Only relevant on legacy PHP: magic quotes were removed in PHP 5.4 and
// get_magic_quotes_gpc() itself was removed in PHP 8.0.
if(get_magic_quotes_gpc()){
    $_COOKIE  = stripslashes_array($_COOKIE);
    $_GET     = stripslashes_array($_GET);
    $_POST    = stripslashes_array($_POST);
    $_REQUEST = stripslashes_array($_REQUEST);
}


When to use database-escaping: ALWAYS, but don't forget to filter / check input first.
This fails completely:
PHP Code:
// Broken on purpose: stripslashes() removes whatever quoting existed, then the
// raw value is interpolated into the SQL string without any database escaping.
$memo = stripslashes($_POST['memo']);
$db->query("UPDATE users SET memo='$memo' where id=".$user['id']);
And why would you run another stripslashes on the output from the DB?

Better code:
PHP Code:
// Filter first: accept only a scalar string, anything else becomes ''.
function getPost($name){
    return isset($_POST[$name]) && is_string($_POST[$name]) ? $_POST[$name] : '';
}
$memo = getPost('memo');
// Then escape for the database. $db->escape() is assumed here to wrap the
// driver's escaping function (e.g. mysqli_real_escape_string); the id is
// forced to an integer by %d.
$db->query(sprintf('UPDATE users SET memo="%s" WHERE id=%d', $db->escape($memo), $user['id']));
Found my post helpful? Rate me Big Grin
Project: creating a compact and easy to setup DSLan (Linux) (Windoze is in development)
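Added example, not code from the original post or the DSLan project: the same "filter, then hand the value to the database" rule from the post above, but with a parameterised query so the driver does the quoting and neither addslashes nor stripslashes is ever involved. It assumes the pdo_sqlite extension is available (an in-memory SQLite database stands in for the real one so the script runs offline); the users table, its rows and the fake POST data are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Filter first, as in the original getPost(): accept only a scalar string.
// Takes the array as a parameter so it can be fed constructed data here.
function getPost(array $post, string $name): string
{
    return isset($post[$name]) && is_string($post[$name]) ? $post[$name] : '';
}

// Placeholders instead of string building: the memo travels separately from the
// SQL text, so quotes or SQL fragments inside it are stored literally.
function updateMemo(PDO $db, int $userId, string $memo): int
{
    $stmt = $db->prepare('UPDATE users SET memo = :memo WHERE id = :id');
    $stmt->bindValue(':memo', $memo, PDO::PARAM_STR);
    $stmt->bindValue(':id', $userId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed schema and rows (assumption: pdo_sqlite is installed).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, memo TEXT)');
$db->exec("INSERT INTO users (id, memo) VALUES (1, 'old'), (2, 'other')");

// Constructed request: the memo contains a quote and a SQL fragment that would
// rewrite row 2 if it were interpolated into the query string.
$fakePost = ['memo' => "it's ok', memo='pwned' WHERE id=2 --"];

$memo     = getPost($fakePost, 'memo');
$affected = updateMemo($db, 1, $memo);

// Expected: exactly one row changed, row 2 untouched, row 1 holds the literal text.
printf("rows affected: %d\n", $affected);
foreach ($db->query('SELECT id, memo FROM users ORDER BY id') as $row) {
    printf("%d: %s\n", $row['id'], $row['memo']);
}
```

If the code still has to run on a PHP old enough to have magic_quotes_gpc enabled, the stripslashes_array() step from the post above belongs before getPost(), so the value bound here is the one the user actually sent and not a doubly quoted copy.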
#2
Just a question: isn't that the part that is encrypted in DS Lan??
#3
I believe that the main developers of DS LAN have access to unobfuscated source code.
Found my post helpful? Rate me Big Grin
Project: creating a compact and easy to setup DSLan (Linux) (Windoze is in development)