RE: [PHP-DB] addslashes + stripslashes + mysql question
turn of magic quotes or test for it before using addslashes Bastien From: Petzo [EMAIL PROTECTED] To: php-db@lists.php.net Subject: [PHP-DB] addslashes + stripslashes + mysql question Date: Mon, 16 May 2005 11:20:41 +0300 Hi, My question is about the norlmal behaviour of PHP and MYSQL but I cant explain it without a simple example. Thank you for reading: I have the following code: ?php print $t = $_POST['txt']; print $t = addslashes($t); @ $db = mysql_pconnect(xxx,xxx,xxx); mysql_select_db('test'); $q = update ttable set ffield='$t'; mysql_query($q); $q = select * from ttable; $result = mysql_query($q); $bo = mysql_fetch_array($result); print $t = $bo['ffield']; print $t = stripslashes($t); ? from a HTML form I send variable: ' \ \' \\ \\\ after addshashes it becomes: \' \\ \\\' \\ after that it gets in the database but after I get it out it becomes: ' \ \' \\ \\\ (without the backslashes!) and ofcourse after stripslashes it gets messed-up: ' ' \ \ So my question is if this is a normal behaviour for PHP+MYSQL or it may vary indifferent conficurations or versions of both php or mysql. It's not a bad thing to be like that but I wonder if my code will behave the same at most systems. Thank you very much -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php ** IMPORTANT NOTICE This communication is for the exclusive use of the intended recipient(s) named above. If you receive this communication in error, you should notify the sender by e-mail or by telephone (+44) 191 224 4461, delete it and destroy any copies of it. This communication may contain confidential information and material protected by copyright, design right or other intellectual property rights which are and shall remain the property of Piranha Studios Limited. Any form of distribution, copying or other unauthorised use of this communication or the information in it is strictly prohibited. Piranha Studios Limited asserts its rights in this communication and the information in it and reserves the right to take action against anyone who misuses it or the information in it. Piranha Studios Limited cannot accept any liability sustained as a result of software viruses and would recommend that you carry out your own virus checks before opening any attachment. GWAVAsigAdmID:D8E9019DA2421EF16B6F98046B509684 ** IMPORTANT NOTICE This communication is for the exclusive use of the intended recipient(s) named above. If you receive this communication in error, you should notify the sender by e-mail or by telephone (+44) 191 224 4461, delete it and destroy any copies of it. This communication may contain confidential information and material protected by copyright, design right or other intellectual property rights which are and shall remain the property of Piranha Studios Limited. Any form of distribution, copying or other unauthorised use of this communication or the information in it is strictly prohibited. Piranha Studios Limited asserts its rights in this communication and the information in it and reserves the right to take action against anyone who misuses it or the information in it. Piranha Studios Limited cannot accept any liability sustained as a result of software viruses and would recommend that you carry out your own virus checks before opening any attachment. GWAVAsig -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] addslashes + stripslashes + mysql question
You have the string ' \ With addslashes it becomes '\ \\ When you insert it into the database it goes into a query like this update table set field=' '\ \\ ' But that inserts into the field only ' \ , in other words the original string. It is a normal behaviour and you should omit the stripslashes function. Hope it helps Firan Corneliu On Mon, 2005-05-16 at 11:20 +0300, Petzo wrote: Hi, My question is about the norlmal behaviour of PHP and MYSQL but I cant explain it without a simple example. Thank you for reading: I have the following code: ?php print $t = $_POST['txt']; print $t = addslashes($t); @ $db = mysql_pconnect(xxx,xxx,xxx); mysql_select_db('test'); $q = update ttable set ffield='$t'; mysql_query($q); $q = select * from ttable; $result = mysql_query($q); $bo = mysql_fetch_array($result); print $t = $bo['ffield']; print $t = stripslashes($t); ? from a HTML form I send variable: ' \ \' \\ \\\ after addshashes it becomes: \' \\ \\\' \\ after that it gets in the database but after I get it out it becomes: ' \ \' \\ \\\ (without the backslashes!) and ofcourse after stripslashes it gets messed-up: ' ' \ \ So my question is if this is a normal behaviour for PHP+MYSQL or it may vary indifferent conficurations or versions of both php or mysql. It's not a bad thing to be like that but I wonder if my code will behave the same at most systems. Thank you very much -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php ** IMPORTANT NOTICE This communication is for the exclusive use of the intended recipient(s) named above. If you receive this communication in error, you should notify the sender by e-mail or by telephone (+44) 191 224 4461, delete it and destroy any copies of it. This communication may contain confidential information and material protected by copyright, design right or other intellectual property rights which are and shall remain the property of Piranha Studios Limited. Any form of distribution, copying or other unauthorised use of this communication or the information in it is strictly prohibited. Piranha Studios Limited asserts its rights in this communication and the information in it and reserves the right to take action against anyone who misuses it or the information in it. Piranha Studios Limited cannot accept any liability sustained as a result of software viruses and would recommend that you carry out your own virus checks before opening any attachment. GWAVAsigAdmID:CC56700AFAAA2AE5B633970BC499478F ** IMPORTANT NOTICE This communication is for the exclusive use of the intended recipient(s) named above. If you receive this communication in error, you should notify the sender by e-mail or by telephone (+44) 191 224 4461, delete it and destroy any copies of it. This communication may contain confidential information and material protected by copyright, design right or other intellectual property rights which are and shall remain the property of Piranha Studios Limited. Any form of distribution, copying or other unauthorised use of this communication or the information in it is strictly prohibited. Piranha Studios Limited asserts its rights in this communication and the information in it and reserves the right to take action against anyone who misuses it or the information in it. Piranha Studios Limited cannot accept any liability sustained as a result of software viruses and would recommend that you carry out your own virus checks before opening any attachment. GWAVAsig -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] addslashes + stripslashes + mysql question
you might want to check to see if magic quotes GPC is turned on, if it is then you are adding slashes twice. You can either turn it off or do not use addslashes ;) -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED]
Re: [PHP-DB] addslashes + stripslashes + mysql question
You have the string ' \ With addslashes it becomes '\ \\ When you insert it into the database it goes into a query like this update table set field=' '\ \\ ' But that inserts into the field only ' \ , in other words the original string. It is a normal behaviour and you should omit the stripslashes function. Hope it helps Firan Corneliu On Mon, 2005-05-16 at 11:20 +0300, Petzo wrote: Hi, My question is about the norlmal behaviour of PHP and MYSQL but I cant explain it without a simple example. Thank you for reading: I have the following code: ?php print $t = $_POST['txt']; print $t = addslashes($t); @ $db = mysql_pconnect(xxx,xxx,xxx); mysql_select_db('test'); $q = update ttable set ffield='$t'; mysql_query($q); $q = select * from ttable; $result = mysql_query($q); $bo = mysql_fetch_array($result); print $t = $bo['ffield']; print $t = stripslashes($t); ? from a HTML form I send variable: ' \ \' \\ \\\ after addshashes it becomes: \' \\ \\\' \\ after that it gets in the database but after I get it out it becomes: ' \ \' \\ \\\ (without the backslashes!) and ofcourse after stripslashes it gets messed-up: ' ' \ \ So my question is if this is a normal behaviour for PHP+MYSQL or it may vary indifferent conficurations or versions of both php or mysql. It's not a bad thing to be like that but I wonder if my code will behave the same at most systems. Thank you very much -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] addslashes + stripslashes + mysql question
Thank you very much for the reply. That was what I needed to know. That this is the Normal behavior and will not vary in different configurations (exept of the magic_quotes_XXX settings that I'm aware of) Milen - Original Message - From: Firan Corneliu [EMAIL PROTECTED] To: Petzo [EMAIL PROTECTED] Cc: php-db@lists.php.net Sent: Monday, May 16, 2005 4:09 PM Subject: Re: [PHP-DB] addslashes + stripslashes + mysql question You have the string ' \ With addslashes it becomes '\ \\ When you insert it into the database it goes into a query like this update table set field=' '\ \\ ' But that inserts into the field only ' \ , in other words the original string. It is a normal behaviour and you should omit the stripslashes function. Hope it helps Firan Corneliu On Mon, 2005-05-16 at 11:20 +0300, Petzo wrote: Hi, My question is about the norlmal behaviour of PHP and MYSQL but I cant explain it without a simple example. Thank you for reading: I have the following code: ?php print $t = $_POST['txt']; print $t = addslashes($t); @ $db = mysql_pconnect(xxx,xxx,xxx); mysql_select_db('test'); $q = update ttable set ffield='$t'; mysql_query($q); $q = select * from ttable; $result = mysql_query($q); $bo = mysql_fetch_array($result); print $t = $bo['ffield']; print $t = stripslashes($t); ? from a HTML form I send variable: ' \ \' \\ \\\ after addshashes it becomes: \' \\ \\\' \\ after that it gets in the database but after I get it out it becomes: ' \ \' \\ \\\ (without the backslashes!) and ofcourse after stripslashes it gets messed-up: ' ' \ \ So my question is if this is a normal behaviour for PHP+MYSQL or it may vary indifferent conficurations or versions of both php or mysql. It's not a bad thing to be like that but I wonder if my code will behave the same at most systems. Thank you very much -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php