All Questions
5 questions
1 vote, 1 answer, 116 views
Why do so many password tutorials, after hashing a password, use "mysql_real_escape_string"?
I don't see the need, when the input is taken as a string and hashed. Wouldn't hashing it effectively, well, sanitize the input? It seems like a waste of about a couple hundred CPU cycles, not ...
1 vote, 1 answer, 247 views
using mysql_real_escape_string in blind code
I have a client which has a very large amount of code on its production server; now we are securing this server.
They have an SQL vulnerability in their code, so we are adding these commands in the ...
-2 votes, 5 answers, 7k views
mysql_real_escape_string Not Working with '
I have a form processed with PHP. It contains a field for Notes about the client job.
The problem is that if there is a ' within the notes - such as it's, O'Reilly, that's etc, it escapes the ...
-2 votes, 3 answers, 85 views
How people can use this security hole?
I have a browser game. There is a message send form.
I didn't make real escape string function to the "message_content" variable.
There is any option, that the user could make after the insert of the ...
0 votes, 2 answers, 313 views
Should I still escape? $_GET and XSS, SQL Injection and other PHP Security Concerns
If I am retrieving data with $_GET from the URL string and not displaying that data back on a webpage or doing any SQL actions with it, should I still consider using escape, regular expression and ...