my my!! you are so right, John!
thank you so much! i thought I was trying to escape those commands like
you are my saviour... thanx so much..
just a quick question.. does it mean, i don't have to worry that my user may
type any commands in my text field that may hurt my system since
magic_quotes_gpc is on?
----- Original Message -----
From: "John W. Holmes" <[EMAIL PROTECTED]>
To: "Ng Hwee Hwee" <[EMAIL PROTECTED]>
Cc: "DBList" <[EMAIL PROTECTED]>
Sent: Wednesday, December 10, 2003 12:05 PM
Subject: Re: [PHP-DB] Slashes
> Ng Hwee Hwee wrote:
> > $value = trim(EscapeShellCmd($fieldName));
> > and then i do a $query= "insert into table set name='$value'";
> > i swear i did not add any slashes twice (at least for what i know!!)..
> > there another way that i could have addslashes twice without my
> Heh... look at the output of
> echo EscapeShellCmd("it's not okay");
> Why do you even use EscapeShellCmd? That's the whole purpose of
> magic_quotes_gpc... to escape quotes that'll cause you trouble.
> ---John Holmes...
> Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
> php|architect: The Magazine for PHP Professionals – www.phparch.com
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php