Re: [PHP] Why do form submissions need stripslashes() invocations?
Heloorghhh !!! Well, try to make a script with : then, look at the output to see where the error is well, php's got to know which of the quotes means "end of string" an which is a part of the string... so, parts of the string must be backslashed in every function using it when submitting a form php assumes that the string will be processed in a function and protects it. sorry for my medium english. - Original Message - From: Neil Zanella <[EMAIL PROTECTED]> To: PHP General Mailing List <[EMAIL PROTECTED]> Sent: Monday, September 10, 2001 2:18 AM Subject: [PHP] Why do form submissions need stripslashes() invocations? > > Hello, > > I would like to know why PHP adds slashes to the double quote, > single quote, and backslash characters when submitting a form. > In particular it would be nice if the PHP manual or some other > manual mentioned this but I could not find any official > documentation on this issue. Why does PHP add the > slashes in the first place? (I'm using PHP 4.0.4pl1 > and don't know if this is just a bug or whether > it was meant to be this way). > > Thanks, > > Neil > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Why do form submissions need stripslashes() invocations?
So sprach »Neil Zanella« am 2001-09-09 um 23:20:12 -0230 : > > Hi Rasmus! > > Thanks for your explanation. Unfortunately I am using a server on which I > do not have write access to php.ini. I have also been noticing that No need to; if you're allowed to, you can create a .htaccess. > a submitted \" is received as " when I use stripslashes() thus Of course. stripslashes removes the \ in front of the ". Or did I misunderstand you? -- How to quote: http://learn.to/quote (german) http://quote.6x.to (english) Homepage: http://www.digitalprojects.com | http://www.iso-top.de iso-top.de - Die günstige Art an Linux Distributionen zu kommen Uptime: 0 hours 20 minutes -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Why do form submissions need stripslashes() invocations?
On Sun, 9 Sep 2001, Rasmus Lerdorf wrote: > Like all other PHP config directives you can set it in your .htaccess file > using: > > php_value magic_quotes_gpc off Thank you so much for pointing yet another useful piece of information. Sorry to bother you with one last question but while I run Apache at school I am foreced to use IIS at work. Is there an equivalent of the .htaccess file for IIS? I wish everyone were using PHP with the Apache web server! Thanks! Neil -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Why do form submissions need stripslashes() invocations?
> Like all other PHP config directives you can set it in your > .htaccess file using: > > php_value magic_quotes_gpc off > > And you are wrong on the \" part. If magic_quotes_gpc is on and you > submit a string that contains \" then it will be escaped to \\\" and a > StripSlashes() will turn it back into \" Additionally, you can write code that will work under either situation by querying get_magic_quotes_gpc and get_magic_quotes_runtime to see which are in effect at any given time. Jason -- Jason Murray [EMAIL PROTECTED] Web Developer, Melbourne IT "Work now, freak later!" -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Why do form submissions need stripslashes() invocations?
Like all other PHP config directives you can set it in your .htaccess file using: php_value magic_quotes_gpc off And you are wrong on the \" part. If magic_quotes_gpc is on and you submit a string that contains \" then it will be escaped to \\\" and a StripSlashes() will turn it back into \" -Rasmus On Sun, 9 Sep 2001, Neil Zanella wrote: > > Hi Rasmus! > > Thanks for your explanation. Unfortunately I am using a server on which I > do not have write access to php.ini. I have also been noticing that > a submitted \" is received as " when I use stripslashes() thus > stripslashes() is not a totally safe alternative. Is there a > way that I can achieve the magic_quotes_gpc effect without > modifying the php.ini file? I guess I can do a > set_magic_quotes_runtime(0); I am not sure if > this is what I need in my situation. > > Thanks, and thanks for PHP!!! > > Neil > > On Sun, 9 Sep 2001, Rasmus Lerdorf wrote: > > > > I would like to know why PHP adds slashes to the double quote, > > > single quote, and backslash characters when submitting a form. > > > In particular it would be nice if the PHP manual or some other > > > manual mentioned this but I could not find any official > > > documentation on this issue. Why does PHP add the > > > slashes in the first place? (I'm using PHP 4.0.4pl1 > > > and don't know if this is just a bug or whether > > > it was meant to be this way). > > > > It is meant to be this way because so many scripts out there send form > > data directly to databases where these need to be escaped. You can change > > this behaviour with the magic_quotes_gpc directive in your php.in file. > > See http://www.php.net/manual/en/configuration.php > > > > -Rasmus > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Why do form submissions need stripslashes() invocations?
Hi Rasmus! Thanks for your explanation. Unfortunately I am using a server on which I do not have write access to php.ini. I have also been noticing that a submitted \" is received as " when I use stripslashes() thus stripslashes() is not a totally safe alternative. Is there a way that I can achieve the magic_quotes_gpc effect without modifying the php.ini file? I guess I can do a set_magic_quotes_runtime(0); I am not sure if this is what I need in my situation. Thanks, and thanks for PHP!!! Neil On Sun, 9 Sep 2001, Rasmus Lerdorf wrote: > > I would like to know why PHP adds slashes to the double quote, > > single quote, and backslash characters when submitting a form. > > In particular it would be nice if the PHP manual or some other > > manual mentioned this but I could not find any official > > documentation on this issue. Why does PHP add the > > slashes in the first place? (I'm using PHP 4.0.4pl1 > > and don't know if this is just a bug or whether > > it was meant to be this way). > > It is meant to be this way because so many scripts out there send form > data directly to databases where these need to be escaped. You can change > this behaviour with the magic_quotes_gpc directive in your php.in file. > See http://www.php.net/manual/en/configuration.php > > -Rasmus > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Why do form submissions need stripslashes() invocations?
> I would like to know why PHP adds slashes to the double quote, > single quote, and backslash characters when submitting a form. > In particular it would be nice if the PHP manual or some other > manual mentioned this but I could not find any official > documentation on this issue. Why does PHP add the > slashes in the first place? (I'm using PHP 4.0.4pl1 > and don't know if this is just a bug or whether > it was meant to be this way). It is meant to be this way because so many scripts out there send form data directly to databases where these need to be escaped. You can change this behaviour with the magic_quotes_gpc directive in your php.in file. See http://www.php.net/manual/en/configuration.php -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Why do form submissions need stripslashes() invocations?
Hello, I would like to know why PHP adds slashes to the double quote, single quote, and backslash characters when submitting a form. In particular it would be nice if the PHP manual or some other manual mentioned this but I could not find any official documentation on this issue. Why does PHP add the slashes in the first place? (I'm using PHP 4.0.4pl1 and don't know if this is just a bug or whether it was meant to be this way). Thanks, Neil -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]