How Safe Is VTK
Cologne
06-09-2009, 08:11 AM
Hi there,
I wonder if I can use the VTK for inserting into my database with DA. Do I have to use htmlentities, addslashes or mysql_real_escape_string?
Denis
Ray Borduin
06-09-2009, 08:15 AM
DA should actually take care of those things without VTK.
Cologne
06-09-2009, 08:39 AM
You mean the latest version?
'Cause the old one only uses addslashes.
What was fixed in the update?
Ray Borduin
06-09-2009, 08:48 AM
It may not use these specific functions, but it has security that should prevent any SQL injections, which is what your concern is.
There are no reported cases of SQL injection with the current code. If you have an example of a security hole that can be exploited we would be very interested, but I don't think you can find one even without using VTK.
Cologne
06-09-2009, 08:58 AM
So, I can use DA without any extra security? What happens if PHP6 comes out? There is no longer addslashes?
So no, injection is possible with using DA the normal way?
Ray Borduin
06-09-2009, 09:01 AM
addslashes is supposed to continue to work in php6... they are just getting rid of magicquotesGPC, which would call that function automatically.
If there is an incompatibility for some reason for PHP6 we will create an update to address the problem.