FUDforum: comp.lang.php » magic_quotes

Home » Imported messages » comp.lang.php » magic_quotes_gpc() on or off?

Show: Today's Messages :: Polls :: Message Navigator

Re: magic_quotes_gpc() on or off? [message #173875 is a reply to message #173872]

Wed, 11 May 2011 11:49

Simon
Messages: 29
Registered: February 2011

Karma:

Junior Member

On 5/11/2011 12:38 PM, Jerry Stuckle wrote:

>>
>> // get a proper MySQL connection for mysql_real_escape_string() to work.
>> ...
>> //
>> //
>> $data = 'H\hi'; // a random string that I want to save 'as is' in the
>> db. Note the 'escaped' character.
>>
>
> First of all, '\h' is not a valid escape character. If you actually want
> a backslash there, you need to use '\\h'. Using invalid character
> combinations leads to unpredictable results.

I never said I wanted to save \h as an escape character.
I want to save the string 'H\hi' as is, (as used in the date() function
for example).

>
>> //
>> // now try and save it to the db
>> //
>> // Stripslashes if need be
>> if (get_magic_quotes_gpc())
>> {
>> $data = stripslashes($data);
>> }
>>
>
> Why are you stripping slashes BEFORE storing the data?
> magic_quotes_gpc() affects data RETRIEVED from the database.

As per my original post, this is what the doc suggests.

http://php.net/manual/en/function.mysql-real-escape-string.php

"If magic_quotes_gpc is enabled, first apply stripslashes() to the data.
Using this function on data which has already been escaped will escape
the data twice."

>
>> // escape
>> $data = mysql_real_escape_string($data);
>>
>> echo $data;
>> /////////////////////////////////////////////////////////////////////////// /
>>
>>
>>
>> You will see that the data has become 'Hhi', the '\' has been stripped,
>> and the data is no longer saved as expected.
>>
>
> As I would expect, as indicated above.

As indicated in my previous post this is what the doc says.
Unless I misunderstood the doc.

>>
>
> I never run with magic_quotes_gpc() on, and won't recommend a host who
> runs with it on. If they don't know enough to turn off something which
> has been deprecated for years, I'm not sure what else they are clueless
> about.

That's beside the point, but I agree.

Thanks

Simon

Report message to a moderator

[Message index]

		magic_quotes_gpc() on or off? By: Simon on Wed, 11 May 2011 07:28
		Re: magic_quotes_gpc() on or off? By: Jerry Stuckle on Wed, 11 May 2011 10:38
		Re: magic_quotes_gpc() on or off? By: Simon on Wed, 11 May 2011 11:49
		Re: magic_quotes_gpc() on or off? By: Jerry Stuckle on Wed, 11 May 2011 15:29
		Re: magic_quotes_gpc() on or off? By: Michael Fesser on Fri, 13 May 2011 19:25
		Re: magic_quotes_gpc() on or off? By: Jerry Stuckle on Fri, 13 May 2011 22:44
		Re: magic_quotes_gpc() on or off? By: alvaro.NOSPAMTHANX on Wed, 11 May 2011 10:45
		Re: magic_quotes_gpc() on or off? By: Simon on Wed, 11 May 2011 11:53
		Re: magic_quotes_gpc() on or off? By: alvaro.NOSPAMTHANX on Wed, 11 May 2011 14:13
		Re: magic_quotes_gpc() on or off? By: Simon on Wed, 11 May 2011 14:15

Previous Topic:	Re: A question about refresh
Next Topic:	Program to Submit to forms

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Fri Jul 05 19:55:33 GMT 2024

Total time taken to generate the page: 0.05004 seconds