Changes between Initial Version and Version 1 of Ticket #10041, comment 14
Timestamp: 02/05/2013 05:31:39 AM (12 years ago)
Ticket #10041, comment 14
Initial version, line 1:

Yes of course. The problem is that quotes are unavoidable when discussing slashes. Earlier, I was trying to explain to Mark the difference between \% \\% \' and \\\'in LIKE values. Unfortunately, those last 2 examples turned out to be identical, screwing up my point about the need to double-escape slashes and percent chars.

Version 1, line 1:

Yes of course. The problem is that quotes are unavoidable when discussing slashes. Earlier, I was trying to explain to Mark the difference between {{{\% \\% \'}}} and {{{\\\'}}} in LIKE values. Unfortunately, those last 2 examples turned out to be identical, screwing up my point about the need to double-escape slashes and percent chars.

Lines 2 and 3 (unchanged in both versions):

In any case, the focus should be on how to implement stripslashes() and escape/prepare so that the like_escape() function doesn't create vulnerabilities.