Re: [PHP] How is this possible???? (addslashes)

2011-02-17 Thread Paul S
On Thu, 17 Feb 2011 07:50:45 +0700, Daniel Brown wrote:

> No offense, but are you kidding me? The host disables phpinfo() for
> security reasons, but keeps 4.4.4 running? Talk about running, Paul run
> away from them. Fast.


AND they have a condition (this reported) that could cause (fail to  
prevent) SQL injection!


"Legacy" configurations remain when ISPs don't want to force customers to
do the code changes that might be necessary to upgrade.


It runs. I'd rather not do the changes necessary to go to PHP5 now. But I  
cannot add an edit HTML via forms feature to the administration until this  
is resolved. I want to get to the bottom of this. PLEASE!! ANYONE ???


HOW COULD THIS POSSIBLY HAPPEN. They must have something messed up in the  
PHP configuration. What is it?


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] How is this possible???? (addslashes)

2011-02-16 Thread Daniel Brown
On Feb 16, 2011 7:07 PM, "Paul S"  wrote:
>
> Can anyone please tell me how the addslashes output ("note = Everyone''s a
> card on the \earth") in the following example is possible. It is
> "addslashes" output but this result is consistent with the output from
> "post" when runtime is set: 1): a single quote is inserted before a single
> quote and nothing is added before " or \.
>
> php: ...
> ---
> <?php //error_reporting(E_ALL);
> echo 'display_errors = ' . ini_get('display_errors') . "";
> echo 'register_globals = ' . ini_get('register_globals') . "";
> echo 'magic_quotes_gpc = ' . ini_get('magic_quotes_gpc') . "";
> echo 'get_magic_quotes_gpc = ' . get_magic_quotes_gpc() . "";
> echo 'get_magic_quotes_runtime = ' . get_magic_quotes_runtime() . "";
> echo "";
> echo "";
> echo 'Current PHP version: ' . phpversion();
> echo "";
> ?>
>
> <?php $note = "Everyone's a card on the \earth";
> echo "$note";
> $note = addslashes($note);
> echo "note = $note";
> ?>
>
> <?php phpinfo();
> ?>
> -
>
> output:
> 
> display_errors = 1
> register_globals = 1
> magic_quotes_gpc = 1
> get_magic_quotes_gpc = 1
> get_magic_quotes_runtime = 1
>
>
>
> Current PHP version: 4.4.4

No offense, but are you kidding me? The host disables phpinfo() for
security reasons, but keeps 4.4.4 running? Talk about running, Paul run
away from them. Fast.

> Everyone's a card on the \earth
>
> note = Everyone''s a card on the \earth
>
> Warning: phpinfo() has been disabled for security reasons in
> ---
> --
> Using Opera's revolutionary email client: http://www.opera.com/mail/
>


[PHP] How is this possible???? (addslashes)

2011-02-16 Thread Paul S

Can anyone please tell me how the addslashes output ("note = Everyone''s a
card on the \earth") in the following example is possible. It is
"addslashes" output but this result is consistent with the output from
"post" when runtime is set: 1): a single quote is inserted before a single
quote and nothing is added before " or \.

php: ...
---
<?php //error_reporting(E_ALL);
echo 'display_errors = ' . ini_get('display_errors') . "";
echo 'register_globals = ' . ini_get('register_globals') . "";
echo 'magic_quotes_gpc = ' . ini_get('magic_quotes_gpc') . "";
echo 'get_magic_quotes_gpc = ' . get_magic_quotes_gpc() . "";
echo 'get_magic_quotes_runtime = ' . get_magic_quotes_runtime() . "";
echo "";
echo "";
echo 'Current PHP version: ' . phpversion();
echo "";
?>

<?php $note = "Everyone's a card on the \earth";
echo "$note";
$note = addslashes($note);
echo "note = $note";
?>

<?php phpinfo();
?>
-

output:

display_errors = 1
register_globals = 1
magic_quotes_gpc = 1
get_magic_quotes_gpc = 1
get_magic_quotes_runtime = 1



Current PHP version: 4.4.4


Everyone's a card on the \earth

note = Everyone''s a card on the \earth

Warning: phpinfo() has been disabled for security reasons in
---
--
Using Opera's revolutionary email client: http://www.opera.com/mail/

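
Added example, not part of the thread: a check of which escaping style turns the posted string into the posted output, plus a probe of what the running interpreter's own `addslashes()` does. The PHP manual documents that the legacy `magic_quotes_sybase` directive makes `addslashes()` double `'` instead of adding backslashes; whether this host has it enabled is not shown in the thread, and all function names below are hypothetical.

```php
<?php
// Added example, not code from the thread. Written without type hints or
// closures so it also runs on old interpreters such as the 4.4.4 host above.

// Quote doubling as seen in the thread's output: only ' changes, to ''.
function escape_quote_doubling($s)
{
    return str_replace("'", "''", $s);
}

// Backslash escaping, the documented default of addslashes(). Spelled out by
// hand so the comparison does not depend on how this runtime is configured.
function escape_backslash($s)
{
    return strtr($s, array("\\" => "\\\\", "'" => "\\'", '"' => '\\"', "\0" => "\\0"));
}

// Name every escaping style that turns $raw into $observed.
function matching_styles($raw, $observed)
{
    $candidates = array(
        'unescaped'      => $raw,
        'backslash'      => escape_backslash($raw),
        'quote-doubling' => escape_quote_doubling($raw),
    );
    $hits = array();
    foreach ($candidates as $name => $expected) {
        if ($expected === $observed) {
            $hits[] = $name;
        }
    }
    return $hits;
}

// Ask the running interpreter which style its own addslashes() applies.
function runtime_addslashes_style()
{
    $probe = "'\"\\";                       // one each of ' " and \
    $hits = matching_styles($probe, addslashes($probe));
    return $hits ? $hits[0] : 'unknown';
}

// Strings from the thread, single-quoted so \e stays a backslash followed by e.
$raw      = 'Everyone\'s a card on the \earth';
$observed = 'Everyone\'\'s a card on the \earth';

echo 'thread output matches: ', implode(', ', matching_styles($raw, $observed)), "\n";
echo 'this runtime applies:  ', runtime_addslashes_style(), "\n";
```

Quote doubling leaves backslashes untouched, so a string escaped that way is only appropriate for a database that escapes quotes by doubling; bound query parameters avoid depending on the host's escaping mode at all.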