Login Register






SMTPMart - Buy Inbox SMTP | Leads | Shell | cPanel 100% Bonus on 1st deposit | Instant Refunds
ProxyByte $2/GB | Residential IPv4 - No Logs - 26M+ IPs - All unblocked
REFUNDING.GG | #1 REFUND SERVICE | SAME DAY REFUNDS | WORLDWIDE ORDERS | GET ITEMS 85% OFF
The stories and information posted here are artistic works of fiction and falsehood. Only a fool would take anything posted here as fact.
Thread Rating:
  • 0 Vote(s) - 0 Average


mysql_real_escape_string() filter_list
Author
Message
phiber Offline
Junior Member
Eleven Years of Service
Posts: 16
Threads: 6
Reputation: 0

Points: 0NSP
mysql_real_escape_string() 01-17-2014, 06:26 AM #1
how can a hacker bypass query filters like addslashes() and mysql_real_escape_string() in a POST parameter?
thanks. I'v searched in google to use multibyte character encoding but it seems slashes are still added to the query.
are those filters good enough to protect my site?

Reply

Slarek Offline
Posting Freak
Eleven Years of Service
Posts: 965
Threads: 18
Reputation: 0

Points: 0NSP
RE: mysql_real_escape_string() 01-17-2014, 06:47 AM #2
You should use PDO or mysqli.


Reply

idiot Offline
Junior Member
Eleven Years of Service
Posts: 9
Threads: 1
Reputation: 0

Points: 0NSP
RE: mysql_real_escape_string() 01-23-2014, 03:46 PM #3
dont use addslashes, only the second one and nothing will happen

Reply







Users browsing this thread: 1 Guest(s)