There was a question about using stripslashes and mysql_real_escape_string on a password before hashing it and storing it. And the stripping or escaping before the hashing isn't necessary as the special characters don't carry meaning to the hashing function.However, is it possible that certain hash results may create dangerous SQL queries? I realize that with a sufficient hash and a salt that there's such a small chance of this happening intentionally, but would it still be a good practice to run a strip and escape on the hashed results?
Can hash output be dangerous for SQL Queries?
- Thread starter coaxke90
- Start date