Re: [PHP] How is this possible???? (addslashes)
On Thu, 17 Feb 2011 07:50:45 +0700, Daniel Brown paras...@gmail.com wrote: No offense, but are you kidding me? The host disables phpinfo() for security reasons, but keeps 4.4.4 running? Talk about running, Paul run away from them. Fast. AND they have a condition (this reported) that could cause (fail to prevent) SQL injection! Legacy configurations remain when ISPs don't want to force customers to do the code changes that might be necessary to upgrade It runs. I'd rather not do the changes necessary to go to PHP5 now. But I cannot add an edit HTML via forms feature to the administration until this is resolved. I want to get to the bottom of this. PLEASE!! ANYONE ??? HOW COULD THIS POSSIBLY HAPPEN. They must have something messed up in the PHP configuration. What is it? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] How is this possible???? (addslashes)
Can anyone please tell me how the addslashes output (note = Everyone''s a card on the \earth) in the following example is possible. It is addslashes output but this result is consistent with the output from post when runtime is set: 1): a single quote is inserted before a single quote and nothing is added before or \. php: ... --- ?php //error_reporting(E_ALL); echo 'display_errors = ' . ini_get('display_errors') . br; echo 'register_globals = ' . ini_get('register_globals') . br; echo 'magic_quotes_gpc = ' . ini_get('magic_quotes_gpc') . br; echo 'get_magic_quotes_gpc = ' . get_magic_quotes_gpc() . br; echo 'get_magic_quotes_runtime = ' . get_magic_quotes_runtime() . br; echo brbr; echo br; echo 'Current PHP version: ' . phpversion(); echo brbr; ? ?php $note = Everyone's a card on the \earth; echo br$notebr; $note = addslashes($note); echo brnote = $notebr; ? ?php phpinfo(); ? - output: display_errors = 1 register_globals = 1 magic_quotes_gpc = 1 get_magic_quotes_gpc = 1 get_magic_quotes_runtime = 1 Current PHP version: 4.4.4 Everyone's a card on the \earth note = Everyone''s a card on the \earth Warning: phpinfo() has been disabled for security reasons in --- -- Using Opera's revolutionary email client: http://www.opera.com/mail/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How is this possible???? (addslashes)
On Feb 16, 2011 7:07 PM, Paul S pau...@roadrunner.com wrote: Can anyone please tell me how the addslashes output (note = Everyone''s a card on the \earth) in the following example is possible. It is addslashes output but this result is consistent with the output from post when runtime is set: 1): a single quote is inserted before a single quote and nothing is added before or \. php: ... --- ?php //error_reporting(E_ALL); echo 'display_errors = ' . ini_get('display_errors') . br; echo 'register_globals = ' . ini_get('register_globals') . br; echo 'magic_quotes_gpc = ' . ini_get('magic_quotes_gpc') . br; echo 'get_magic_quotes_gpc = ' . get_magic_quotes_gpc() . br; echo 'get_magic_quotes_runtime = ' . get_magic_quotes_runtime() . br; echo brbr; echo br; echo 'Current PHP version: ' . phpversion(); echo brbr; ? ?php $note = Everyone's a card on the \earth; echo br$notebr; $note = addslashes($note); echo brnote = $notebr; ? ?php phpinfo(); ? - output: display_errors = 1 register_globals = 1 magic_quotes_gpc = 1 get_magic_quotes_gpc = 1 get_magic_quotes_runtime = 1 Current PHP version: 4.4.4 No offense, but are you kidding me? The host disables phpinfo() for security reasons, but keeps 4.4.4 running? Talk about running, Paul run away from them. Fast. Everyone's a card on the \earth note = Everyone''s a card on the \earth Warning: phpinfo() has been disabled for security reasons in --- -- Using Opera's revolutionary email client: http://www.opera.com/mail/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php