Log in or Sign up

Does this session script strong enough?

Discussion in 'PHP' started by junandya, Dec 22, 2007.

Page 2 of 2

Vio82 Peon

Messages:

27

Likes Received:

0

Best Answers:

0

Trophy Points:

0

#21

htmlspecialchars() is only cut special HTML chars from string =)
So, it don't cut ` or ' understand? )

Vio82, Dec 23, 2007 IP
InFloW Peon

Messages:

1,488

Likes Received:

39

Best Answers:

0

Trophy Points:

0

#22

htmlspecialchars is used to turn < into < and > into > as well as do this for various other html characters. It does not protect against sql injections.

In your case with MySQL you'd want to be using either
http://ca3.php.net/manual/en/function.mysql-escape-string.php

or

http://ca3.php.net/manual/en/function.mysql-real-escape-string.php

real being used when you have a connection so it can assume the right character set when escaping data.

InFloW, Dec 23, 2007 IP
junandya Member

Messages:

79

Likes Received:

1

Best Answers:

0

Trophy Points:

43

#23

I really appreciate your help & explaination guys,....it's clear for me.

junandya, Dec 23, 2007 IP

(You must log in or sign up to reply here.)

Page 2 of 2