My my!! You are so right, John!

Thank you so much! I thought I was trying to escape those commands like
<javascript...> but I wasn't aware they were trying to addslashes for me
too!

You are my saviour... thanks so much..

Just a quick question.. does it mean I don't have to worry that my user may
type any commands in my text field that may hurt my system since
magic_quotes_gpc is on?


----- Original Message -----
From: "John W. Holmes" <[EMAIL PROTECTED]>
To: "Ng Hwee Hwee" <[EMAIL PROTECTED]>
Cc: "DBList" <[EMAIL PROTECTED]>
Sent: Wednesday, December 10, 2003 12:05 PM
Subject: Re: [PHP-DB] Slashes


> Ng Hwee Hwee wrote:
>
> > $value = trim(EscapeShellCmd($fieldName));
> >
> > and then I do a $query= "insert into table set name='$value'";
> > I swear I did not add any slashes twice (at least for what I know!!).. is
> > there another way that I could have addslashes twice without my knowing??
>
> Heh... look at the output of
>
> echo EscapeShellCmd("it's not okay");
>
> Why do you even use EscapeShellCmd? That's the whole purpose of
> magic_quotes_gpc... to escape quotes that'll cause you trouble.
>
> --
> ---John Holmes...
>
> Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
>
> php|architect: The Magazine for PHP Professionals – www.phparch.com
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

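The double escaping discussed in this thread, as an added example that is not part of the original messages: it builds the thread's query once with only the magic-quotes escaping and once with escapeshellcmd() layered on top, and shows the extra backslash that ends up in the stored value. It assumes a non-Windows PHP 7+ CLI; magic_quotes_gpc no longer exists in current PHP, so it is simulated with addslashes(), and stored_value() is a hypothetical helper standing in for MySQL's literal decoding.

```php
<?php
// Constructed sample input: what the user typed into the form field.
$typed = "it's not okay";

// Assumption: magic_quotes_gpc = On is simulated with addslashes(), which is
// the escaping that setting applied to GET/POST/COOKIE data before the
// script ran.
$fieldName = addslashes($typed);

// Hypothetical helper: decode the body of a MySQL single-quoted literal for
// the two escape sequences that matter here (\\ and \'). strtr() with an
// array scans left to right and never re-scans its own replacements.
function stored_value(string $literalBody): string
{
    return strtr($literalBody, ["\\\\" => "\\", "\\'" => "'"]);
}

$cases = [
    // One layer of escaping: the quote survives, the backslash is consumed.
    'magic quotes only' => trim($fieldName),
    // Two layers: escapeshellcmd() backslash-escapes the backslash that
    // addslashes() added and the unpaired quote (non-Windows behaviour), so
    // one backslash survives SQL parsing and is stored with the data.
    'magic quotes + escapeshellcmd' => trim(escapeshellcmd($fieldName)),
];

foreach ($cases as $label => $value) {
    $query = "insert into table set name='$value'";
    printf("%s\n  query : %s\n  stored: %s\n", $label, $query, stored_value($value));
}
```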