Re: magic_quotes_gpc() on or off? [message #173888 is a reply to message #173875]
Wed, 11 May 2011 15:29
Jerry Stuckle
Messages: 2598 Registered: September 2010
Senior Member
On 5/11/2011 7:49 AM, Simon wrote:
> On 5/11/2011 12:38 PM, Jerry Stuckle wrote:
>
>>>
>>> // get a proper MySQL connection for mysql_real_escape_string() to work.
>>> ...
>>> //
>>> //
>>> $data = 'H\hi'; // a random string that I want to save 'as is' in the
>>> db. Note the 'escaped' character.
>>>
>>
>> First of all, '\h' is not a valid escape character. If you actually want
>> a backslash there, you need to use '\\h'. Using invalid character
>> combinations leads to unpredictable results.
>
> I never said I wanted to save \h as an escape character.
> I want to save the string 'H\hi' as is, (as used in the date() function
> for example).
>
Then you must use 'h\\hi'. Backslash is an escape character.
>>
>>> //
>>> // now try and save it to the db
>>> //
>>> // Stripslashes if need be
>>> if (get_magic_quotes_gpc())
>>> {
>>> $data = stripslashes($data);
>>> }
>>>
>>
>> Why are you stripping slashes BEFORE storing the data?
>> magic_quotes_gpc() affects data RETRIEVED from the database.
>
>
> As per my original post, this is what the doc suggests.
>
> http://php.net/manual/en/function.mysql-real-escape-string.php
>
> "If magic_quotes_gpc is enabled, first apply stripslashes() to the data.
> Using this function on data which has already been escaped will escape
> the data twice."
>
If the data has previously been escaped, yes. In your case, it has not.
>>
>>> // escape
>>> $data = mysql_real_escape_string($data);
>>>
>>> echo $data;
>>> /////////////////////////////////////////////////////////////////////////// /
>>>
>>>
>>>
>>>
>>> You will see that the data has become 'Hhi', the '\' has been stripped,
>>> and the data is no longer saved as expected.
>>>
>>
>> As I would expect, as indicated above.
>
> As indicated in my previous post this is what the doc says.
> Unless I misunderstood the doc.
>
You are misunderstanding the doc.
>>>
>>
>> I never run with magic_quotes_gpc() on, and won't recommend a host who
>> runs with it on. If they don't know enough to turn off something which
>> has been deprecated for years, I'm not sure what else they are clueless
>> about.
>
> That's beside the point, but I agree.
>
> Thanks
>
> Simon
Actually, it is a major point.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
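
The stripslashes() question debated in this thread, as an added example that is not part of the original posts: it compares stripping a value that magic quotes never touched, escaping a request value without stripping it, and stripping only request data before escaping once. The function names are hypothetical, magic_quotes_gpc is simulated with addslashes() because the setting was removed in PHP 5.4, and addslashes() also stands in for mysql_real_escape_string() so the script runs without a database connection.

```php
<?php
// Added illustration; all function names here are hypothetical.
// magic_quotes_gpc applied addslashes()-style escaping to GET/POST/COOKIE
// values. It was removed in PHP 5.4, so the effect is simulated.
function simulate_magic_quotes_gpc(string $requestValue): string
{
    return addslashes($requestValue);
}

// Stand-in for the database escaping step (mysql_real_escape_string() in the
// thread); addslashes() is an assumption made so no connection is needed.
function escape_for_sql(string $value): string
{
    return addslashes($value);
}

// Strip slashes only from values that magic quotes actually touched.
function prepare(string $value, bool $fromRequest, bool $magicQuotesOn): string
{
    if ($fromRequest && $magicQuotesOn) {
        $value = stripslashes($value);
    }
    return escape_for_sql($value);
}

// What ends up stored once the SQL parser consumes one layer of escaping.
function stored(string $escaped): string
{
    return stripslashes($escaped);
}

$literal = 'H\hi';                                // constructed: assigned in code
$posted  = simulate_magic_quotes_gpc("O'Reilly"); // constructed: simulated POST value

// 1. The thread's code path: stripslashes() applied to a non-request value.
$lossy = stored(escape_for_sql(stripslashes($literal)));
// 2. Request value escaped a second time without stripping first.
$double = stored(escape_for_sql($posted));
// 3. Strip only request data, then escape exactly once.
$okLiteral = stored(prepare($literal, false, true));
$okPosted  = stored(prepare($posted, true, true));

var_dump($lossy === 'Hhi');          // backslash lost, as reported in the thread
var_dump($double === "O\\'Reilly");  // a stray backslash is stored
var_dump($okLiteral === $literal);   // literal survives unchanged
var_dump($okPosted === "O'Reilly");  // request value stored as submitted
```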