Sql Reminder


Mencarta

Just a friendly reminder here. If you are making a login system, make sure you use: mysql_real_escape_string. This adds a '\' to characters like: ' and ". This prevents people like me from doing this on your password form: ' or 1=1. This closes off the password string and inserts a statement called "OR 1=1". If that happens it will satisfy the condition because 1 always equals 1. It could also be used to delete your database. Just a friendly reminder. Keep your code secure. :)

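The login check described in the post above, as an added example that is not part of the thread: the same lookup built by string concatenation, with driver escaping, and with a prepared statement; only the concatenated version accepts the injected input. Assumptions: the `mysql_*` extension was removed in PHP 7.0, so this uses PDO with an in-memory SQLite database (`pdo_sqlite` enabled); the table, user, passwords and function names are constructed for the example, and the injected value is a quote-balanced form of the post's `' or 1=1`.

```php
<?php
// Added example, not code from the thread. Table, user and passwords are constructed.
$pdo = new PDO('sqlite::memory:');            // assumption: pdo_sqlite is enabled
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (name TEXT, password TEXT)");
// Plaintext password only to mirror the post's scenario;
// real code stores password_hash() output and checks it with password_verify().
$pdo->exec("INSERT INTO users VALUES ('alice', 'correct horse')");

// Vulnerable: user input becomes part of the SQL text.
function login_concat(PDO $pdo, string $name, string $pass): bool {
    $sql = "SELECT COUNT(*) FROM users WHERE name = '$name' AND password = '$pass'";
    return (int) $pdo->query($sql)->fetchColumn() > 0;
}

// Escaped: PDO::quote() plays the role mysql_real_escape_string() had,
// escaping quote characters so the input stays inside the string literal.
function login_quoted(PDO $pdo, string $name, string $pass): bool {
    $sql = "SELECT COUNT(*) FROM users WHERE name = " . $pdo->quote($name)
         . " AND password = " . $pdo->quote($pass);
    return (int) $pdo->query($sql)->fetchColumn() > 0;
}

// Prepared statement: values are bound as data and never parsed as SQL.
function login_prepared(PDO $pdo, string $name, string $pass): bool {
    $stmt = $pdo->prepare("SELECT COUNT(*) FROM users WHERE name = ? AND password = ?");
    $stmt->execute([$name, $pass]);
    return (int) $stmt->fetchColumn() > 0;
}

$inputs = [
    'right password'                     => 'correct horse',
    'wrong password'                     => 'guess',
    "balanced form of the post's input"  => "' OR '1'='1",
];

foreach ($inputs as $label => $pass) {
    printf("%-36s concat=%-5s quoted=%-5s prepared=%s\n",
        $label,
        var_export(login_concat($pdo, 'alice', $pass), true),
        var_export(login_quoted($pdo, 'alice', $pass), true),
        var_export(login_prepared($pdo, 'alice', $pass), true));
}
```
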

Normally, I'd delete a topic like that, and tell the person to go and write this stuff on their site, but in this case... I'm afraid Mencarta has a point, in that even though all of the advanced users in this forum know to use mysql_real_escape_string(), they know so because of the PHP manual, and not the W3Schools' tutorial.

I'm moving this topic into the suggestions forum, as an illustration for the W3Schools team that the PHP tutorial needs a note on using mysql_real_escape_string(), as this is indeed important.


You're human! :)

My apologies. Though I have seen SPAM that looks like this before. Idea being somebody posts on a forum about something somewhat related as to not get classed as SPAM, with a back link to their/some website in their signature.


Archived

This topic is now archived and is closed to further replies.
