You have the string " ' \ "
With addslashes it becomes " '\ \\ "
When you insert it into the database
it goes into a query like this
"update table set field=' '\ \\ ' "
But that inserts into the field only " ' \ ",
in other words the original string.
It is a normal behaviour and you should
om
turn of magic quotes or test for it before using addslashes
Bastien
>From: "Petzo" <[EMAIL PROTECTED]>
>To: php-db@lists.php.net
>Subject: [PHP-DB] addslashes + stripslashes + mysql question
>Date: Mon, 16 May 2005 11:20:41 +0300
>
>Hi,
>
> My question is about the norlmal behaviour of PHP an
turn of magic quotes or test for it before using addslashes
Bastien
From: "Petzo" <[EMAIL PROTECTED]>
To: php-db@lists.php.net
Subject: [PHP-DB] addslashes + stripslashes + mysql question
Date: Mon, 16 May 2005 11:20:41 +0300
Hi,
My question is about the norlmal behaviour of PHP and MYSQL but I
ECTED]>
To: "Petzo" <[EMAIL PROTECTED]>
Cc:
Sent: Monday, May 16, 2005 4:09 PM
Subject: Re: [PHP-DB] addslashes + stripslashes + mysql question
> You have the string " ' \ "
> With addslashes it becomes " '\ \\ "
>
> When you insert it
You have the string " ' \ "
With addslashes it becomes " '\ \\ "
When you insert it into the database
it goes into a query like this
"update table set field=' '\ \\ ' "
But that inserts into the field only " ' \ ",
in other words the original string.
It is a normal behaviour and you should
om
you might want to check to see if magic quotes GPC is turned on, if it is
then you are adding slashes twice. You can either turn it off or do not use
addslashes ;)
--
Joseph Crawford Jr.
Codebowl Solutions
[EMAIL PROTECTED]
> Use the more specific mysql_escape_string() (or friend) instead.
> You're not supposed to use stripslashes() on data coming from the database
Kk, thanks Jason =)
-Ed
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On Tuesday 28 September 2004 02:49, Ed Lazor wrote:
> I'm using PHP to retrieve user input and store it in MySQL. PHP's
> addslashes function is used on data going into the database
Use the more specific mysql_escape_string() (or friend) instead.
> and PHP's
> stripslashes function is being use
> I'm using php addslashes to store data into MySQL and php stripslashes
when
> pulling it back out, but I'm running into trouble when people enter HTML
> code. Do you have any recommendations?
> Here's an example of what I'm talking about:
> ">
> An error occurs if the entry has a value of:
The functions you're wondering about are designed for dealing with inserting
user input into a database. If you have a form in which someone can enter text,
you need to process the input with addslashes() in case the user input contains
quotes. htmlspecialchars() and htmlentities() have similar u
-Original Message-
From: CPT John W. Holmes [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 20, 2003 11:06 AM
To: Poon, Kelvin (Infomart); [EMAIL PROTECTED]
Subject: Re: [PHP-DB] Addslashes (MSSQL)
> where my $content value is osmethign like this.
>
lmes [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 20, 2003 11:06 AM
To: Poon, Kelvin (Infomart); [EMAIL PROTECTED]
Subject: Re: [PHP-DB] Addslashes (MSSQL)
> where my $content value is osmethign like this.
>
> "Step 1: Access the homepage
> Step 2: type in your username under
> where my $content value is osmethign like this.
>
> "Step 1: Access the homepage
> Step 2: type in your username under the field 'username' "
>
> and after the addslashes funciton there would be \ around the 'username'
> like this..
> \'username\'and now after running this program I got an er
> Paul
>
> while ($self != "asleep") {
> $sheep_count++;
> }
> ?>
I have nothing useful to add, except that I nearly spit up my morning coffee
laughing at your signature.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
on 3/5/02 5:35 AM, Andy at [EMAIL PROTECTED] appended the following bits
to my mbox:
> No I was reading in a mysql book, that chars like ' are bad for db
> PHP provides the function addslashes. Is this the way to check for bad
> entries a user provides? What happens
> if a hacker tryes to delete
t: Friday, February 08, 2002 10:34 AM
>To: Todd Williamsen; [EMAIL PROTECTED]
>Subject: RE: [PHP-DB] addslashes()
>
>
>At 10:22 -0600 2/8/02, Todd Williamsen wrote:
>>Paul,
>>
>>No kidding I see the problem, that is why I am asking how do I solve
>it.
>
>By writi
and the other doesn't?
-Original Message-
From: Paul DuBois [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 08, 2002 10:34 AM
To: Todd Williamsen; [EMAIL PROTECTED]
Subject: RE: [PHP-DB] addslashes()
At 10:22 -0600 2/8/02, Todd Williamsen wrote:
>Paul,
>
>No kidding I s
0:21 AM
>To: Todd Williamsen; [EMAIL PROTECTED]
>Subject: RE: [PHP-DB] addslashes()
>
>
>At 10:06 -0600 2/8/02, Todd Williamsen wrote:
>>Paul,
>>
>>Sorry for the confusion...
>>
>>Ok..
>>
>>I have an application where it organizes candidates f
Paul,
No kidding I see the problem, that is why I am asking how do I solve it.
I don't need the problem re-explained to me 8)
-Original Message-
From: Paul DuBois [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 08, 2002 10:21 AM
To: Todd Williamsen; [EMAIL PROTECTED]
Subject: RE:
At 10:06 -0600 2/8/02, Todd Williamsen wrote:
>Paul,
>
>Sorry for the confusion...
>
>Ok..
>
>I have an application where it organizes candidates for positions for
>HR. There is a Notes field where they can update actions with the
>potential candidate. Now this can be when this person has been
>
to "TEXT" and both queries are the same structure.
I cannot figure it out
If you want the URL to look at it, I will send it to you.
Thanks!
-Original Message-
From: Paul DuBois [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 08, 2002 10:00 AM
To: Todd Williamsen; [EMAIL PRO
nting it? Storing it into the
database? Storing it into the database so that you can print it as
a Web page later?
>
>-Original Message-
>From: Paul DuBois [mailto:[EMAIL PROTECTED]]
>Sent: Friday, February 08, 2002 9:40 AM
>To: Todd Williamsen; [EMAIL PROTECTED]
>Subj
Paul..
Going into the database
Coming out of the database
Please read the whole post.. 8)
-Original Message-
From: Paul DuBois [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 08, 2002 9:40 AM
To: Todd Williamsen; [EMAIL PROTECTED]
Subject: Re: [PHP-DB] addslashes()
At 9:14 -0600
oofy1...
> > > Paul,
> > >
> > > It is being inserted into a database
> > >
> > > -Original Message-
> > > From: Paul DuBois [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, February 07, 2002 5:41 PM
> > > To: Todd Willi
t; > It is being inserted into a database
>> >
>> > -Original Message-----
>> > From: Paul DuBois [mailto:[EMAIL PROTECTED]]
>> > Sent: Thursday, February 07, 2002 5:41 PM
>> > To: Todd Williamsen; [EMAIL PROTECTED]
>> > Subject: Re:
; > -Original Message-
> > From: Paul DuBois [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, February 07, 2002 5:41 PM
> > To: Todd Williamsen; [EMAIL PROTECTED]
> > Subject: Re: [PHP-DB] addslashes()
> >
> >
> > At 16:54 -0600 2/7/02, Todd William
t;
> -Original Message-
> From: Paul DuBois [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 07, 2002 5:41 PM
> To: Todd Williamsen; [EMAIL PROTECTED]
> Subject: Re: [PHP-DB] addslashes()
>
>
> At 16:54 -0600 2/7/02, Todd Williamsen wrote:
> >Ok..
> >
&g
Paul,
It is being inserted into a database
-Original Message-
From: Paul DuBois [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 07, 2002 5:41 PM
To: Todd Williamsen; [EMAIL PROTECTED]
Subject: Re: [PHP-DB] addslashes()
At 16:54 -0600 2/7/02, Todd Williamsen wrote:
>Ok..
>
&g
At 16:54 -0600 2/7/02, Todd Williamsen wrote:
>Ok..
>
>i tried it out... and it almost works like I want it... weird though
>
>1. when I put in this is BLUE
>
>it prints it in like a bright green. but if i use the RGB # then its fine.
>weird
>
>2. if there is an apostrophe in the notes, then
otes);
- Original Message -
From: "Todd Williamsen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 07, 2002 11:54 PM
Subject: Re: [PHP-DB] addslashes()
> Ok..
>
> i tried it out... and it almost works like I want it... weird though
Ok..
i tried it out... and it almost works like I want it... weird though
1. when I put in this is BLUE
it prints it in like a bright green. but if i use the RGB # then its fine.
weird
2. if there is an apostrophe in the notes, then it will add slashes it to
that as well
so if I type bl
Try
$Notes = addslashes($Notes);
You where almost right :)
/Alexander
- Original Message -
From: "Todd Williamsen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 07, 2002 11:32 PM
Subject: [PHP-DB] addslashes()
> I have a "Notes" field where users can add notes.
32 matches
Mail list logo
