Can I know when magic_quotes_gpc starts adding slashes and stripping slashes?
I removed my EscapeShellCmd and my data is inserted and retrieved from the database
just as I wanted. The problem now comes when I retrieve that data and immediately
insert it into another table. Then I get a MySQL error 1064 whenever my value has
a single-quote in it.
$query1 = "select * from table where condition";
if(!($result1 = mysql_query($query1)))
$var = mysql_fetch_array($result1);
$query2 = "insert into table2 set col1='".$var["col1"]."', col2='".$var["col2"]."',
if(!($result2 = mysql_query($query2)))
$query1 works perfectly fine of course, but $query2 gives me this error:
MySQL error: 1064 : You have an error in your SQL syntax near 's Good!', col2 = 'YES',
' at line 15 (# 256).
The value retrieved from the database is: It's Good!
----- Original Message -----
> Ng Hwee Hwee wrote:
> > Just a quick question.. does it mean I don't have to worry that my user may
> > type any commands in my text field that may hurt my system since
> > magic_quotes_gpc is on?
> Heh...of course not. :) All magic_quotes is going to do for you is
> escape quotes within your text. This will help with database queries but
> not much else. You still need to be validating your data...
> ---John Holmes...
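
An added example, not part of the original messages: magic_quotes_gpc only touches GET, POST and COOKIE input, so a value read back from the database is unescaped, and concatenating it into a second statement breaks on the quote in It's Good!. The sketch below swaps the thread's mysql_* calls for PDO with an in-memory SQLite database so it runs offline; the table names, columns and sample row are constructed for illustration.

```php
<?php
// Constructed schema and data; SQLite in memory stands in for the MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE table1 (col1 TEXT, col2 TEXT)");
$db->exec("CREATE TABLE table2 (col1 TEXT, col2 TEXT)");

// First insert: the value comes from user input. Binding it as a parameter
// means the statement does not depend on magic_quotes_gpc being on or off.
$ins = $db->prepare("INSERT INTO table1 (col1, col2) VALUES (?, ?)");
$ins->execute(["It's Good!", "YES"]);

// The row comes back exactly as stored, with a bare single quote.
$var = $db->query("SELECT col1, col2 FROM table1")->fetch(PDO::FETCH_ASSOC);

// Pattern from the post: the fetched value is pasted into the SQL text,
// so the quote in It's ends the string literal early.
function copy_by_concatenation(PDO $db, array $var): string
{
    $sql = "INSERT INTO table2 (col1, col2) VALUES ('"
         . $var["col1"] . "', '" . $var["col2"] . "')";
    try {
        $db->exec($sql);
        return "inserted";
    } catch (PDOException $e) {
        return "rejected: " . $e->getMessage();
    }
}

// Corrected pattern: placeholders keep data out of the SQL text entirely,
// whatever its origin (form field, cookie, or another table).
function copy_with_placeholders(PDO $db, array $var): int
{
    $stmt = $db->prepare("INSERT INTO table2 (col1, col2) VALUES (?, ?)");
    $stmt->execute([$var["col1"], $var["col2"]]);
    return $stmt->rowCount();
}

echo copy_by_concatenation($db, $var), "\n";
echo copy_with_placeholders($db, $var), " row copied\n";
echo "stored in table2: ", $db->query("SELECT col1 FROM table2")->fetchColumn(), "\n";
```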