my my!! you are so right, John!

thank you so much! i thought I was trying to escape those commands like
<javascript...> but I wasn't aware they were trying to addslashes for me

you are my saviour... thanx so much..

just a quick question.. does it mean, i don't have to worry that my user may
type any commands in my text field that may hurt my system since
magic_quotes_gpc is on?

----- Original Message -----
From: "John W. Holmes" <[EMAIL PROTECTED]>
To: "Ng Hwee Hwee" <[EMAIL PROTECTED]>
Sent: Wednesday, December 10, 2003 12:05 PM
Subject: Re: [PHP-DB] Slashes

> Ng Hwee Hwee wrote:
> > $value = trim(EscapeShellCmd($fieldName));
> >
> > and then i do a $query= "insert into table set name='$value'";
> > i swear i did not add any slashes twice (at least for what i know!!)..
> > there another way that i could have addslashes twice without my
> Heh... look at the output of
> echo EscapeShellCmd("it's not okay");
> Why do you even use EscapeShellCmd? That's the whole purpose of
> magic_quotes_gpc... to escape quotes that'll cause you trouble.
> --
> ---John Holmes...
> Amazon Wishlist:
> php|architect: The Magazine for PHP Professionals –
> --
> PHP Database Mailing List (
> To unsubscribe, visit:

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to