I am testing how secure is to use stripslashes()
I tried the following :
$str = chr(0xbf) . chr(0x27);
var_dump(stripslashes($str)); // string(2) " �' "
Then I changed it to this :
$str = $_POST['input']; // %bf%27;
var_dump(stripslashes($str)); // string(3) " �'' "
Then I used curl to send input
data :
curl_setopt($ch, CURLOPT_POSTFIELDS, 'input=' . chr(0xbf) . chr(0x27));
but again result was : string(3) " �'' "
Is it possible to get result as in First example when data is received from another server? Will it be secure to use stripslashes()
?