I am testing how secure is to use \[code\]stripslashes()\[/code\]I tried the following :\[code\] $str = chr(0xbf) . chr(0x27); var_dump(stripslashes($str)); // string(2) " ?' "\[/code\]Then I changed it to this :\[code\] $str = $_POST['input']; // %bf%27; var_dump(stripslashes($str)); // string(3) " ?'' "\[/code\]Then I used curl to send \[code\]input\[/code\] data :\[code\] curl_setopt($ch, CURLOPT_POSTFIELDS, 'input=' . chr(0xbf) . chr(0x27));\[/code\]but again result was : \[code\]string(3) " ?'' "\[/code\]Is it possible to get result as in First example when data is received from another server? Will it be secure to use \[code\]stripslashes()\[/code\] ?
stripslashes security testing
- Thread starter shahol
- Start date