Re: Auditing Code (security wise)

Posted by Vaughan on 1198248863
Also, whilst working on the core code, there are many instances where addslashes & stripslashes are used throughout XOOPS. I understand that addslashes/stripslashes are necessary (or are they?) if magic_quotes_gpc is enabled.

According to some security auditing texts I have read, addslashes & stripslashes should be avoided and replaced with proper sanitizing methods, and mysql_real_escape_string() should be used instead.

See http://uk2.php.net/manual/en/function.mysql-real-escape-string.php

Or have I misunderstood something?

This Post was from: https://www.impresscms.org/iforum/viewtopic.php?topic_id=618&post_id=6662