[TYPO3-core] PHP requirement version for TYPO3 4.0
Kasper Skårhøj
kasper2006 at typo3.com
Tue Jan 24 16:47:30 CET 2006
Hi Dmitry,
I understand that real_escape.... blabla () escapes more characters.
What I don't understand is why more characters are dangerous? For all
of TYPO3s live we have put binary and what else data into the
database without a single problem using addslashes() (for mysql of
course). Surely all bytes have been tested. Is it combination of
bytes or what? The fact is, it never failed and noone have given an
example of where addslashes() will fail. All they say is that
real_escape...() is better. Not good enough for me.
- kasper
> More explanation is here: http://wonko.com/article/362 - about
> WordPress
> vulnerability with addslashes()
>
> Dmitry.
> _______________________________________________
> TYPO3-team-core mailing list
> TYPO3-team-core at lists.netfielders.de
> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-team-core
More information about the TYPO3-team-core
mailing list