20-02-2009, 02:53 AM
  post #5
code4freedom
Reply - Let's write a little login script (2)

Hey just for sanitizing, some people usually use mysql_real_escape_string.

So, code will be like this:

Code:
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
That function will clean up all problems from user input. stripslashes is good too, but it will only remove slashes '\' if there are any.

I think your code was assuming magic_quotes_gpc is "on". It is a PHP server variable, and after PHP version 5.3.0 it is deprecated. That means magic quotes are no longer available. So, we had better use mysql_real_escape_string to sanitize the data. The only downside is that the mysql_real_escape_string function needs a database connection. So, that function can be used only after you have connected to the database. Your code will be OK, because you already connected to the database at the top of your page.

Thanks for your tutorial. Appreciate it. That kind of tutorial will help our community.

Quote:
Originally Posted by ျမတ္ဘုန္းမို

// Capture the values coming back from the form into variables ...
$username = $_POST['user']; // 'user' is the name of the textbox below
$password = $_POST['password']; // 'password' is the name of the textbox below

// Do some basic sanitizing
$username = stripslashes($username); // to learn about stripslashes, see http://www.php.net/stripslashes
$password = stripslashes($password);

I still don't know anything yet, do I
The following 6 members said thanks to code4freedom.
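The gap between stripslashes and real input handling discussed in this post, as an added example that is not part of the original post or thread. It assumes PDO with an in-memory SQLite database as a stand-in for the MySQL connection, uses a bound parameter as a swapped-in alternative to mysql_real_escape_string, and the table layout, function names, password hashing and sample input are all constructed for illustration.

```php
<?php
// Added example with constructed data; in-memory SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)");

// One constructed account whose name legitimately contains an apostrophe.
$ins = $db->prepare("INSERT INTO users (username, pw_hash) VALUES (?, ?)");
$ins->execute(["O'Brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

// Stand-ins for $_POST['user'] and $_POST['password'] (constructed input).
$username = "O'Brien";
$password = 'correct horse';

// stripslashes() only removes backslashes. The apostrophe survives, ends the
// SQL string literal early, and the input changes the structure of the query.
function lookup_concat(PDO $db, string $username): string
{
    $sql = "SELECT pw_hash FROM users WHERE username = '"
         . stripslashes($username) . "'";
    try {
        $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
        return $row ? 'found' : 'not found';
    } catch (PDOException $e) {
        return 'query broken by input';
    }
}

// With a bound parameter the value is sent as data and never parsed as SQL,
// so no escaping step (and no magic_quotes_gpc assumption) is involved.
function login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare("SELECT pw_hash FROM users WHERE username = ?");
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

echo lookup_concat($db, $username), "\n";   // concatenated query
var_dump(login($db, $username, $password)); // bound parameter, right password
var_dump(login($db, $username, 'wrong'));   // bound parameter, wrong password
```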