RE: [PHP] Re: ' (Single Quotes) in user inputs

2004-10-19 Thread Gryffyn, Trevor
Also, you probably want to do a string replace of some kind and make the
single quote a double single-quote: ' to ''

I don't know if that's how MySQL does it, but that's how SQL Server
escapes single quotes and I believe other DBs do as well.

Just something to look into because I think the \' might not work on DBs
that use ''.

-TG

 -----Original Message-----
 From: John Holmes [mailto:[EMAIL PROTECTED] 
 Sent: Monday, October 18, 2004 8:59 PM
 To: Jerry Swanson
 Cc: Christian Jul Jensen; [EMAIL PROTECTED]
 Subject: Re: [PHP] Re: ' (Single Quotes) in user inputs
 
 
 Jerry Swanson wrote:
 > I'm not sure that stripslashes() is used for input.
 
 If you want to redisplay the input, then it would be used.
 
 > addslashes() - to insert data into database
 > stripslashes() - to get data from database and print it.
 
 You don't need stripslashes when pulling data unless you have 
 magic_quotes_runtime enabled. If you find that you need to call 
 stripslashes on your data, then you're escaping it twice before you 
 insert it.
 
 -- 
 
 ---John Holmes...
 
 Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
 
 php|architect: The Magazine for PHP Professionals - www.phparch.com
 
 -- 
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
 
 




[PHP] Re: ' (Single Quotes) in user inputs

2004-10-18 Thread Christian Jul Jensen
[EMAIL PROTECTED] (Ben) writes:

> Any ideas on dealing with this would be greatly appreciated.

Disable magic_quotes, and handle all escaping of characters yourself,
I would absolutely prefer that. But beware of sql-injection.

Leave magic_quotes on, and use stripslashes() on your input.

--
Christian Jul Jensen




Re: [PHP] Re: ' (Single Quotes) in user inputs

2004-10-18 Thread Jerry Swanson
I'm not sure that stripslashes() is used for input.

addslashes() - to insert data into database
stripslashes() - to get data from database and print it.




On 14 Oct 2004 11:19:14 +0200, Christian Jul Jensen [EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] (Ben) writes:
>
> > Any ideas on dealing with this would be greatly appreciated.
>
> Disable magic_quotes, and handle all escaping of characters yourself,
> I would absolutely prefer that. But beware of sql-injection.
>
> Leave magic_quotes on, and use stripslashes() on your input.
>
> --
> Christian Jul Jensen
 
 
 
 





Re: [PHP] Re: ' (Single Quotes) in user inputs

2004-10-18 Thread John Holmes
Jerry Swanson wrote:
> I'm not sure that stripslashes() is used for input.

If you want to redisplay the input, then it would be used.

> addslashes() - to insert data into database
> stripslashes() - to get data from database and print it.

You don't need stripslashes when pulling data unless you have
magic_quotes_runtime enabled. If you find that you need to call
stripslashes on your data, then you're escaping it twice before you
insert it.

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals - www.phparch.com
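
The two points raised in the thread (backslash escaping may not work on a database that doubles the quote, and needing stripslashes() on the way out means the data was escaped twice on the way in), as an added example that is not part of any message in the thread. It assumes PHP with the pdo_sqlite extension; SQLite stands in for "a DB that uses ''", and the table name and sample input are constructed.

```php
<?php
// Added illustration, not code from the thread. SQLite (pdo_sqlite) stands in
// for a database that escapes ' as '' rather than \'.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (how TEXT, name TEXT)');

$input = "O'Brien"; // constructed sample input

// 1) Backslash escaping: 'O\'Brien' is not a valid string literal for this
//    database, so the statement is rejected.
try {
    $db->exec("INSERT INTO people VALUES ('addslashes', '" . addslashes($input) . "')");
} catch (PDOException $e) {
    echo "addslashes(): statement rejected\n";
}

// 2) Doubling the quote is the escape this database understands.
$doubled = str_replace("'", "''", $input);
$db->exec("INSERT INTO people VALUES ('doubled', '$doubled')");

// 3) A bound parameter needs no escaping at all: the value travels separately
//    from the SQL text, whatever quoting rules the database has.
$stmt = $db->prepare('INSERT INTO people VALUES (?, ?)');
$stmt->execute(['bound', $input]);

// 4) One escape too many: input that already went through addslashes()
//    (as it would with magic_quotes_gpc on) is stored with the backslash.
$stmt->execute(['escaped twice', addslashes($input)]);

// Show what actually ended up in the table.
foreach ($db->query('SELECT how, name FROM people') as $row) {
    printf("%-14s %s\n", $row['how'], $row['name']);
}
```

The "doubled" and "bound" rows hold the name exactly as typed; the "escaped twice" row holds it with a stray backslash, which is the situation where stripslashes() appears to be needed on output.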