RE: [PHP-DB] addslashes + stripslashes + mysql question

2005-05-17 Thread bastien_k 
turn of magic quotes or test for it before using addslashes

Bastien

From: Petzo [EMAIL PROTECTED]
To: php-db@lists.php.net
Subject: [PHP-DB] addslashes + stripslashes + mysql question
Date: Mon, 16 May 2005 11:20:41 +0300

Hi,

 My question is about the norlmal behaviour of PHP and MYSQL but I cant
explain it without a simple example. Thank you for reading:

 I have the following code:

?php
print $t = $_POST['txt'];
print $t = addslashes($t);

@ $db = mysql_pconnect(xxx,xxx,xxx);
mysql_select_db('test');

$q = update ttable set ffield='$t';
mysql_query($q);

$q = select * from ttable;
$result = mysql_query($q);
$bo = mysql_fetch_array($result);

print $t = $bo['ffield'];
print $t = stripslashes($t);
?



from a HTML form I send variable:

' \ \' \\ \\\


after addshashes it becomes:

\' \\ \\\'  \\


after that it gets in the database

but after I get it out it becomes:

' \ \' \\ \\\

(without the backslashes!)

and ofcourse after stripslashes it gets messed-up:

' ' \ \


So my question is if this is a normal behaviour for PHP+MYSQL or it may 
vary
indifferent conficurations or versions of both php or mysql.
It's not a bad thing to be like that but I wonder if my code will behave 
the
same at most systems.

Thank you very much

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




**

IMPORTANT NOTICE

This communication is for the exclusive use of the intended recipient(s)
named above. If you receive this communication in error, you should
notify the sender by e-mail or by telephone (+44) 191 224 4461, delete
it and destroy any copies of it.

This communication may contain confidential information and material
protected by copyright, design right or other intellectual property
rights which are and shall remain the property of Piranha Studios
Limited. Any form of distribution, copying or other unauthorised use
of this communication or the information in it is strictly prohibited.
Piranha Studios Limited asserts its rights in this communication and
the information in it and reserves the right to take action against
anyone who misuses it or the information in it.

Piranha Studios Limited cannot accept any liability sustained as a
result of software viruses and would recommend that you carry out your
own virus checks before opening any attachment.


GWAVAsigAdmID:D8E9019DA2421EF16B6F98046B509684



**

IMPORTANT NOTICE

This communication is for the exclusive use of the intended recipient(s)
named above. If you receive this communication in error, you should
notify the sender by e-mail or by telephone (+44) 191 224 4461, delete
it and destroy any copies of it.

This communication may contain confidential information and material
protected by copyright, design right or other intellectual property
rights which are and shall remain the property of Piranha Studios
Limited. Any form of distribution, copying or other unauthorised use
of this communication or the information in it is strictly prohibited.
Piranha Studios Limited asserts its rights in this communication and
the information in it and reserves the right to take action against
anyone who misuses it or the information in it.

Piranha Studios Limited cannot accept any liability sustained as a
result of software viruses and would recommend that you carry out your
own virus checks before opening any attachment.


GWAVAsig
-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] addslashes + stripslashes + mysql question

2005-05-17 Thread capi 
You have the string  ' \ 
With addslashes it becomes  '\ \\ 

When you insert it into the database
it goes into a query like this

update table set field=' '\ \\ ' 

But that inserts into the field only  ' \ ,
in other words the original string. 

It is a normal behaviour and you should 
omit the stripslashes function.

Hope it helps
Firan Corneliu 

On Mon, 2005-05-16 at 11:20 +0300, Petzo wrote:
 Hi,
 
 My question is about the norlmal behaviour of PHP and MYSQL but I cant
 explain it without a simple example. Thank you for reading:
 
 I have the following code:
 
 ?php
 print $t = $_POST['txt'];
 print $t = addslashes($t);
 
@ $db = mysql_pconnect(xxx,xxx,xxx);
mysql_select_db('test');
 
$q = update ttable set ffield='$t';
mysql_query($q);
 
$q = select * from ttable;
$result = mysql_query($q);
$bo = mysql_fetch_array($result);
 
 print $t = $bo['ffield'];
 print $t = stripslashes($t);
 ?
 
 
 
 from a HTML form I send variable:
 
 ' \ \' \\ \\\
 
 
 after addshashes it becomes:
 
 \' \\ \\\'  \\
 
 
 after that it gets in the database
 
 but after I get it out it becomes:
 
 ' \ \' \\ \\\
 
 (without the backslashes!)
 
 and ofcourse after stripslashes it gets messed-up:
 
 ' ' \ \
 
 
 So my question is if this is a normal behaviour for PHP+MYSQL or it may vary
 indifferent conficurations or versions of both php or mysql.
 It's not a bad thing to be like that but I wonder if my code will behave the
 same at most systems.
 
 Thank you very much
 

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




**

IMPORTANT NOTICE

This communication is for the exclusive use of the intended recipient(s)
named above. If you receive this communication in error, you should
notify the sender by e-mail or by telephone (+44) 191 224 4461, delete
it and destroy any copies of it.

This communication may contain confidential information and material
protected by copyright, design right or other intellectual property
rights which are and shall remain the property of Piranha Studios
Limited. Any form of distribution, copying or other unauthorised use
of this communication or the information in it is strictly prohibited.
Piranha Studios Limited asserts its rights in this communication and
the information in it and reserves the right to take action against
anyone who misuses it or the information in it.

Piranha Studios Limited cannot accept any liability sustained as a
result of software viruses and would recommend that you carry out your
own virus checks before opening any attachment.


GWAVAsigAdmID:CC56700AFAAA2AE5B633970BC499478F



**

IMPORTANT NOTICE

This communication is for the exclusive use of the intended recipient(s)
named above. If you receive this communication in error, you should
notify the sender by e-mail or by telephone (+44) 191 224 4461, delete
it and destroy any copies of it.

This communication may contain confidential information and material
protected by copyright, design right or other intellectual property
rights which are and shall remain the property of Piranha Studios
Limited. Any form of distribution, copying or other unauthorised use
of this communication or the information in it is strictly prohibited.
Piranha Studios Limited asserts its rights in this communication and
the information in it and reserves the right to take action against
anyone who misuses it or the information in it.

Piranha Studios Limited cannot accept any liability sustained as a
result of software viruses and would recommend that you carry out your
own virus checks before opening any attachment.


GWAVAsig
-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] addslashes + stripslashes + mysql question

2005-05-16 Thread Joseph Crawford 
you might want to check to see if magic quotes GPC is turned on, if it is 
then you are adding slashes twice. You can either turn it off or do not use 
addslashes ;)

-- 
Joseph Crawford Jr.
Codebowl Solutions
[EMAIL PROTECTED]

Re: [PHP-DB] addslashes + stripslashes + mysql question

2005-05-16 Thread Firan Corneliu 
You have the string  ' \ 
With addslashes it becomes  '\ \\ 

When you insert it into the database
it goes into a query like this

update table set field=' '\ \\ ' 

But that inserts into the field only  ' \ ,
in other words the original string. 

It is a normal behaviour and you should 
omit the stripslashes function.

Hope it helps
Firan Corneliu 

On Mon, 2005-05-16 at 11:20 +0300, Petzo wrote:
 Hi,
 
 My question is about the norlmal behaviour of PHP and MYSQL but I cant
 explain it without a simple example. Thank you for reading:
 
 I have the following code:
 
 ?php
 print $t = $_POST['txt'];
 print $t = addslashes($t);
 
@ $db = mysql_pconnect(xxx,xxx,xxx);
mysql_select_db('test');
 
$q = update ttable set ffield='$t';
mysql_query($q);
 
$q = select * from ttable;
$result = mysql_query($q);
$bo = mysql_fetch_array($result);
 
 print $t = $bo['ffield'];
 print $t = stripslashes($t);
 ?
 
 
 
 from a HTML form I send variable:
 
 ' \ \' \\ \\\
 
 
 after addshashes it becomes:
 
 \' \\ \\\'  \\
 
 
 after that it gets in the database
 
 but after I get it out it becomes:
 
 ' \ \' \\ \\\
 
 (without the backslashes!)
 
 and ofcourse after stripslashes it gets messed-up:
 
 ' ' \ \
 
 
 So my question is if this is a normal behaviour for PHP+MYSQL or it may vary
 indifferent conficurations or versions of both php or mysql.
 It's not a bad thing to be like that but I wonder if my code will behave the
 same at most systems.
 
 Thank you very much
 

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] addslashes + stripslashes + mysql question

2005-05-16 Thread Milen Yordanov 
Thank you very much for the reply.
That was what I needed to know.

That this is the Normal behavior and will not vary in different
configurations (exept of the magic_quotes_XXX settings that I'm aware of)


Milen


- Original Message -
From: Firan Corneliu [EMAIL PROTECTED]
To: Petzo [EMAIL PROTECTED]
Cc: php-db@lists.php.net
Sent: Monday, May 16, 2005 4:09 PM
Subject: Re: [PHP-DB] addslashes + stripslashes + mysql question


 You have the string  ' \ 
 With addslashes it becomes  '\ \\ 

 When you insert it into the database
 it goes into a query like this

 update table set field=' '\ \\ ' 

 But that inserts into the field only  ' \ ,
 in other words the original string.

 It is a normal behaviour and you should
 omit the stripslashes function.

 Hope it helps
 Firan Corneliu

 On Mon, 2005-05-16 at 11:20 +0300, Petzo wrote:
  Hi,
 
  My question is about the norlmal behaviour of PHP and MYSQL but I
cant
  explain it without a simple example. Thank you for reading:
 
  I have the following code:
  
  ?php
  print $t = $_POST['txt'];
  print $t = addslashes($t);
 
 @ $db = mysql_pconnect(xxx,xxx,xxx);
 mysql_select_db('test');
 
 $q = update ttable set ffield='$t';
 mysql_query($q);
 
 $q = select * from ttable;
 $result = mysql_query($q);
 $bo = mysql_fetch_array($result);
 
  print $t = $bo['ffield'];
  print $t = stripslashes($t);
  ?
  
 
 
  from a HTML form I send variable:
  
  ' \ \' \\ \\\
  
 
  after addshashes it becomes:
  
  \' \\ \\\'  \\
  
 
  after that it gets in the database
 
  but after I get it out it becomes:
  
  ' \ \' \\ \\\
  
  (without the backslashes!)
 
  and ofcourse after stripslashes it gets messed-up:
  
  ' ' \ \
  
 
  So my question is if this is a normal behaviour for PHP+MYSQL or it may
vary
  indifferent conficurations or versions of both php or mysql.
  It's not a bad thing to be like that but I wonder if my code will behave
the
  same at most systems.
 
  Thank you very much
 



-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php