turn of magic quotes or test for it before using addslashes
Bastien
From: Petzo [EMAIL PROTECTED]
To: php-db@lists.php.net
Subject: [PHP-DB] addslashes + stripslashes + mysql question
Date: Mon, 16 May 2005 11:20:41 +0300
Hi,
My question is about the norlmal behaviour of PHP and MYSQL but
You have the string ' \
With addslashes it becomes '\ \\
When you insert it into the database
it goes into a query like this
update table set field=' '\ \\ '
But that inserts into the field only ' \ ,
in other words the original string.
It is a normal behaviour and you should
omit the
you might want to check to see if magic quotes GPC is turned on, if it is
then you are adding slashes twice. You can either turn it off or do not use
addslashes ;)
--
Joseph Crawford Jr.
Codebowl Solutions
[EMAIL PROTECTED]
You have the string ' \
With addslashes it becomes '\ \\
When you insert it into the database
it goes into a query like this
update table set field=' '\ \\ '
But that inserts into the field only ' \ ,
in other words the original string.
It is a normal behaviour and you should
omit the
[EMAIL PROTECTED]
Cc: php-db@lists.php.net
Sent: Monday, May 16, 2005 4:09 PM
Subject: Re: [PHP-DB] addslashes + stripslashes + mysql question
You have the string ' \
With addslashes it becomes '\ \\
When you insert it into the database
it goes into a query like this
update table set field
On Tuesday 28 September 2004 02:49, Ed Lazor wrote:
I'm using PHP to retrieve user input and store it in MySQL. PHP's
addslashes function is used on data going into the database
Use the more specific mysql_escape_string() (or friend) instead.
and PHP's
stripslashes function is being used
Use the more specific mysql_escape_string() (or friend) instead.
You're not supposed to use stripslashes() on data coming from the database
Kk, thanks Jason =)
-Ed
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
I'm using php addslashes to store data into MySQL and php stripslashes
when
pulling it back out, but I'm running into trouble when people enter HTML
code. Do you have any recommendations?
Here's an example of what I'm talking about:
input name=Title value=?php echo
The functions you're wondering about are designed for dealing with inserting
user input into a database. If you have a form in which someone can enter text,
you need to process the input with addslashes() in case the user input contains
quotes. htmlspecialchars() and htmlentities() have similar
where my $content value is osmethign like this.
Step 1: Access the homepage
Step 2: type in your username under the field 'username'
and after the addslashes funciton there would be \ around the 'username'
like this..
\'username\'and now after running this program I got an error
: Thursday, March 20, 2003 11:06 AM
To: Poon, Kelvin (Infomart); [EMAIL PROTECTED]
Subject: Re: [PHP-DB] Addslashes (MSSQL)
where my $content value is osmethign like this.
Step 1: Access the homepage
Step 2: type in your username under the field 'username'
and after the addslashes funciton
: CPT John W. Holmes [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 20, 2003 11:06 AM
To: Poon, Kelvin (Infomart); [EMAIL PROTECTED]
Subject: Re: [PHP-DB] Addslashes (MSSQL)
where my $content value is osmethign like this.
Step 1: Access the homepage
Step 2
on 3/5/02 5:35 AM, Andy at [EMAIL PROTECTED] appended the following bits
to my mbox:
No I was reading in a mysql book, that chars like ' are bad for db
PHP provides the function addslashes. Is this the way to check for bad
entries a user provides? What happens
if a hacker tryes to delete my
day, February 07, 2002 5:41 PM
To: Todd Williamsen; [EMAIL PROTECTED]
Subject: Re: [PHP-DB] addslashes()
At 16:54 -0600 2/7/02, Todd Williamsen wrote:
Ok..
i tried it out... and it almost works like I want it... weird though
1. when I put in pfont color=bluethis is BLUE/p/fon
Todd Williamsen; [EMAIL PROTECTED]
Subject: Re: [PHP-DB] addslashes()
At 16:54 -0600 2/7/02, Todd Williamsen wrote:
Ok..
i tried it out... and it almost works like I want it... weird though
1. when I put in pfont color=bluethis is BLUE/p/font
it prints it in lik
iamsen; [EMAIL PROTECTED]
Subject: Re: [PHP-DB] addslashes()
At 16:54 -0600 2/7/02, Todd Williamsen wrote:
Ok..
i tried it out... and it almost works like I want it... weird though
1. when I put in pfont color=bluethis is BLUE/p/font
it prints it in like a bright gree
Paul..
Going into the database
Coming out of the database
Please read the whole post.. 8)
-Original Message-
From: Paul DuBois [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 08, 2002 9:40 AM
To: Todd Williamsen; [EMAIL PROTECTED]
Subject: Re: [PHP-DB] addslashes()
At 9:14 -0600
it into the database so that you can print it as
a Web page later?
-Original Message-
From: Paul DuBois [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 08, 2002 9:40 AM
To: Todd Williamsen; [EMAIL PROTECTED]
Subject: Re: [PHP-DB] addslashes()
At 9:14 -0600 2/8/02, Todd Williamsen wrote:
So if I
At 10:06 -0600 2/8/02, Todd Williamsen wrote:
Paul,
Sorry for the confusion...
Ok..
I have an application where it organizes candidates for positions for
HR. There is a Notes field where they can update actions with the
potential candidate. Now this can be when this person has been
Paul,
No kidding I see the problem, that is why I am asking how do I solve it.
I don't need the problem re-explained to me 8)
-Original Message-
From: Paul DuBois [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 08, 2002 10:21 AM
To: Todd Williamsen; [EMAIL PROTECTED]
Subject: RE: [PHP
of these are particularly attractive. It's an ugly problem; I suspect
it has no pretty solution.
I don't need the problem re-explained to me 8)
-Original Message-
From: Paul DuBois [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 08, 2002 10:21 AM
To: Todd Williamsen; [EMAIL PROTECTED]
Subject: RE: [PHP
and the other doesn't?
-Original Message-
From: Paul DuBois [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 08, 2002 10:34 AM
To: Todd Williamsen; [EMAIL PROTECTED]
Subject: RE: [PHP-DB] addslashes()
At 10:22 -0600 2/8/02, Todd Williamsen wrote:
Paul,
No kidding I see the problem
: RE: [PHP-DB] addslashes()
At 10:22 -0600 2/8/02, Todd Williamsen wrote:
Paul,
No kidding I see the problem, that is why I am asking how do I solve
it.
By writing a content parser that is intelligent enough to recognize HTML
constructs and pass them through literally, while recognizing when your
Try
$Notes = addslashes($Notes);
You where almost right :)
/Alexander
- Original Message -
From: Todd Williamsen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, February 07, 2002 11:32 PM
Subject: [PHP-DB] addslashes()
I have a Notes field where users can add notes. Now,
Ok..
i tried it out... and it almost works like I want it... weird though
1. when I put in pfont color=bluethis is BLUE/p/font
it prints it in like a bright green. but if i use the RGB # then its fine.
weird
2. if there is an apostrophe in the notes, then it will add slashes it to
that
-
From: Todd Williamsen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, February 07, 2002 11:54 PM
Subject: Re: [PHP-DB] addslashes()
Ok..
i tried it out... and it almost works like I want it... weird though
1. when I put in pfont color=bluethis is BLUE/p/font
it prints
At 16:54 -0600 2/7/02, Todd Williamsen wrote:
Ok..
i tried it out... and it almost works like I want it... weird though
1. when I put in pfont color=bluethis is BLUE/p/font
it prints it in like a bright green. but if i use the RGB # then its fine.
weird
2. if there is an apostrophe in
Paul,
It is being inserted into a database
-Original Message-
From: Paul DuBois [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 07, 2002 5:41 PM
To: Todd Williamsen; [EMAIL PROTECTED]
Subject: Re: [PHP-DB] addslashes()
At 16:54 -0600 2/7/02, Todd Williamsen wrote:
Ok..
i tried
--
From: Paul DuBois [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 07, 2002 5:41 PM
To: Todd Williamsen; [EMAIL PROTECTED]
Subject: Re: [PHP-DB] addslashes()
At 16:54 -0600 2/7/02, Todd Williamsen wrote:
Ok..
i tried it out... and it almost works like I want it... weird though
1. wh
29 matches
Mail list logo
