colder Wed Apr 12 15:16:34 2006 UTC
Modified files: /phpdoc/en/security database.xml Log: Recommend pg_escape_string instead of addslashes in the example (spotted by [EMAIL PROTECTED]) http://cvs.php.net/viewcvs.cgi/phpdoc/en/security/database.xml?r1=1.11&r2=1.12&diff_format=u
Index: phpdoc/en/security/database.xml
diff -u phpdoc/en/security/database.xml:1.11 phpdoc/en/security/database.xml:1.12
--- phpdoc/en/security/database.xml:1.11 Mon Feb 14 14:09:59 2005
+++ phpdoc/en/security/database.xml Wed Apr 12 15:16:34 2006
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="iso-8859-1"?>
-<!-- $Revision: 1.11 $ -->
+<!-- $Revision: 1.12 $ -->
 <!-- splitted from ./index.xml, last change in rev 1.66 -->
 <chapter id="security.database">
 <title>Database Security</title>
@@ -121,12 +121,12 @@
 // storing password hash
 $query = sprintf("INSERT INTO users(name,pwd) VALUES('%s','%s');",
- addslashes($username), md5($password));
+ pg_escape_string($username), md5($password));
 $result = pg_query($connection, $query);
 // querying if user submitted the right password
 $query = sprintf("SELECT 1 FROM users WHERE name='%s' AND pwd='%s';",
- addslashes($username), md5($password));
+ pg_escape_string($username), md5($password));
 $result = pg_query($connection, $query);
 if (pg_num_rows($result) > 0) {
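Review bot: Both changed lines of the second hunk still store and compare `md5($password)`, so the example in a security chapter keeps teaching an unsalted, fast hash that precomputed tables recover at once if the users table leaks; the listing should at least salt the hash per user, and on current PHP the right call pair is `password_hash()` / `password_verify()`. The new `pg_escape_string($username)` also takes no connection argument, so it escapes against the default connection's client encoding rather than the `$connection` that the adjacent `pg_query($connection, $query)` calls use; passing the connection in the two-argument form where it is available, or dropping the sprintf-plus-escape pattern for `pg_query_params($connection, 'SELECT 1 FROM users WHERE name=$1 AND pwd=$2;', array($username, md5($password)))`, makes the escaping question go away. The first hunk is only the `$Revision$` keyword bump and needs nothing. The listing continues past the final `if (pg_num_rows($result) > 0) {` line, which lies outside this hunk.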