Re: [PHP] Stripslashes

2010-12-22 Thread Ravi Gehlot
On Wed, Dec 22, 2010 at 4:21 PM, Russell Dias  wrote:

> stripslashes() is rife with gaping security holes.  For mysql
> insertion rely on mysql_real_escape_string() or alternatively, you can
> use prepared statements.
>
> For outputting data on the page you should ideally be using
> htmlspecialchars($var, ENT_QUOTES);
>
> cheers,
> Russ
>
> On Thu, Dec 23, 2010 at 6:48 AM, Ravi Gehlot  wrote:
> > On Wed, Dec 22, 2010 at 3:34 PM, Bob McConnell  wrote:
> >
> >> From: Ravi Gehlot
> >>
> >> > What are these magic quotes anyways?. What are they used for?
> >> escaping?
> >>
> >> I wasn't there at the time, but I gather that the general idea was to
> >> automagically insert escape characters into data submitted from a form.
> >> However, they used a backslash as the escape character, which is not
> >> universally recognized across database engines. Even the SQL standard
> >> defines an escape as a single quote character.
> >>
> >> We used to have magic quotes enabled, and came up with the following
> >> code to clean up the mess it caused.
> >>
> >>// If magic quotes is on, we want to remove slashes
> >>if (get_magic_quotes_gpc()) {
> >>  // Magic quotes is on
> >>  $response = stripslashes($_POST[$key]);
> >>} else {
> >>  $response = $_POST[$key];
> >>}
> >>
> >> For future releases of PHP, this will also need a check to see if
> >> get_magic_quotes_gpc() exists first.
> >>
> >> Bob McConnell
> >>
> >> --
> >> PHP General Mailing List (http://www.php.net/)
> >> To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >>
> > Bob,
> >
> > Thank you very much. This is good information. What I found out from
> > http://us2.php.net/manual/en/function.stripslashes.php was the
> following:
>
> "An example use of *stripslashes()* is when the PHP directive
> > magic_quotes_gpc<
> http://us2.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc
> >is
> > *on* (it's on by default), and you aren't inserting this data into a
> place
> > (such as a database) that requires escaping. For example, if you're
> simply
> > outputting data straight from an HTML form. "
> >
> > So that means that stripslashes() isn't intended for DB insertions but
> only
> > straight output. So I will remove it from my code.
> >
> > Thanks,
> > Ravi.
> >
>

Hello Russell,

When you use htmlspecialchars() it tries to escape single/double quotes with
a bunch of backslashes. I had stripslashes() in an attempt to try to get the
backslashes away but it didn't. So the solution was to disable magic quotes
in php.ini. With GoDaddy shared hosting, I had to rename php.ini over to
php5.ini in order to have this to work. Also had to include the command like
responsible for disabling magic quotes. Everything is good and clean now.

Now you type for example "Hunter's Reserve Circle" and it keeps it as it is.
Before it would print something like "Hunter'///s Reserve Circle".
With double quote, the situation would be even worse.

mysql_real_escape_string() is a must in order to avoid SQL injections.

Regards,
Ravi.


Re: [PHP] Stripslashes

2010-12-22 Thread Russell Dias
stripslashes() is rife with gaping security holes.  For mysql
insertion rely on mysql_real_escape_string() or alternatively, you can
use prepared statements.

For outputting data on the page you should ideally be using
htmlspecialchars($var, ENT_QUOTES);

cheers,
Russ

On Thu, Dec 23, 2010 at 6:48 AM, Ravi Gehlot  wrote:
> On Wed, Dec 22, 2010 at 3:34 PM, Bob McConnell  wrote:
>
>> From: Ravi Gehlot
>>
>> > What are these magic quotes anyways?. What are they used for?
>> escaping?
>>
>> I wasn't there at the time, but I gather that the general idea was to
>> automagically insert escape characters into data submitted from a form.
>> However, they used a backslash as the escape character, which is not
>> universally recognized across database engines. Even the SQL standard
>> defines an escape as a single quote character.
>>
>> We used to have magic quotes enabled, and came up with the following
>> code to clean up the mess it caused.
>>
>>    // If magic quotes is on, we want to remove slashes
>>    if (get_magic_quotes_gpc()) {
>>      // Magic quotes is on
>>      $response = stripslashes($_POST[$key]);
>>    } else {
>>      $response = $_POST[$key];
>>    }
>>
>> For future releases of PHP, this will also need a check to see if
>> get_magic_quotes_gpc() exists first.
>>
>> Bob McConnell
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
> Bob,
>
> Thank you very much. This is good information. What I found out from
> http://us2.php.net/manual/en/function.stripslashes.php was the following:
> "An example use of *stripslashes()* is when the PHP directive
> magic_quotes_gpcis
> *on* (it's on by default), and you aren't inserting this data into a place
> (such as a database) that requires escaping. For example, if you're simply
> outputting data straight from an HTML form. "
>
> So that means that stripslashes() isn't intended for DB insertions but only
> straight output. So I will remove it from my code.
>
> Thanks,
> Ravi.
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Stripslashes

2010-12-22 Thread Ravi Gehlot
On Wed, Dec 22, 2010 at 3:34 PM, Bob McConnell  wrote:

> From: Ravi Gehlot
>
> > What are these magic quotes anyways?. What are they used for?
> escaping?
>
> I wasn't there at the time, but I gather that the general idea was to
> automagically insert escape characters into data submitted from a form.
> However, they used a backslash as the escape character, which is not
> universally recognized across database engines. Even the SQL standard
> defines an escape as a single quote character.
>
> We used to have magic quotes enabled, and came up with the following
> code to clean up the mess it caused.
>
>// If magic quotes is on, we want to remove slashes
>if (get_magic_quotes_gpc()) {
>  // Magic quotes is on
>  $response = stripslashes($_POST[$key]);
>} else {
>  $response = $_POST[$key];
>}
>
> For future releases of PHP, this will also need a check to see if
> get_magic_quotes_gpc() exists first.
>
> Bob McConnell
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Bob,

Thank you very much. This is good information. What I found out from
http://us2.php.net/manual/en/function.stripslashes.php was the following:
"An example use of *stripslashes()* is when the PHP directive
magic_quotes_gpcis
*on* (it's on by default), and you aren't inserting this data into a place
(such as a database) that requires escaping. For example, if you're simply
outputting data straight from an HTML form. "

So that means that stripslashes() isn't intended for DB insertions but only
straight output. So I will remove it from my code.

Thanks,
Ravi.


RE: [PHP] Stripslashes

2010-12-22 Thread Bob McConnell
From: Ravi Gehlot

> What are these magic quotes anyways?. What are they used for?
escaping?

I wasn't there at the time, but I gather that the general idea was to
automagically insert escape characters into data submitted from a form.
However, they used a backslash as the escape character, which is not
universally recognized across database engines. Even the SQL standard
defines an escape as a single quote character.

We used to have magic quotes enabled, and came up with the following
code to clean up the mess it caused.

// If magic quotes is on, we want to remove slashes
if (get_magic_quotes_gpc()) {
  // Magic quotes is on
  $response = stripslashes($_POST[$key]);
} else {
  $response = $_POST[$key];
}

For future releases of PHP, this will also need a check to see if
get_magic_quotes_gpc() exists first.

Bob McConnell

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Stripslashes

2010-12-22 Thread Ravi Gehlot
What are these magic quotes anyways?. What are they used for? escaping?

Regards,
Ravi.

On Tue, Nov 16, 2010 at 11:44 PM, Adam Richardson wrote:

> On Tue, Nov 16, 2010 at 10:10 PM, Gary  wrote:
>
> > I was doing a test of stripslashes on a $_POST, when I recieved the
> email,
> > all of the slashes were still in the data posted.
> >
> > I used :
> >
> > $fname = stripslashes($_POST['fname']);
> >
> > I input G\\a//r\y\\, and was expecting, according to the manuel
> G\a//r*y\,
> > but got the original spelling.
> >
>
> In this case, you should get the original, if I'm understanding correctly.
>  Think of it like a basic math problem:
>
> Step 1: Happens automatically when you submit the form and PHP receives the
> form variables
> input + slashes = slashed_input
>
> Step 2: This happens when you call stripslashes.
> slashed_input - slashes = input
>
> The goal of stripslashes is that it will undo what happened automatically
> using magic_quotes_gpc (which essentially calls addslashes on the GPC vars
> behind the scenes) so you'll end up with the original input.
>
> So, working through your example:
>
>   1. You inputted into a form G\\a//r\y\\ and submitted the form.
>   2. PHP received G\\a//r\y\\ and added slashes (Ga//r\\y).
>   3. You called stripslashes (G\\a//r\y\\).
>
>
>
>
> >
> > I added:
> >
> > echo stripslashes($fname); and did get the expected result on the page,
> but
> > not in the email from the $_POST.
> >
>
> Here, you called stripslashes on something already stripped once, so you
> now
> have a new value (G\a//ry\).
>
>
> >
> > I also tried
> >
> > $fname = (stripslashes($_POST['fname']));
> >
>
> This would be no different than your attempt without enclosing parentheses.
>
> Now, let me just say that I detest magic_quotes, and it's best to run with
> them disabled so you  don't even have to worry about this kind of issue
> (they've been deprecated.)  But, perhaps you were just trying to learn
> about
> some piece of legacy code.
>
> Hope the explanation helps, Gary.
>
> Adam
>
> --
> Nephtali:  PHP web framework that functions beautifully
> http://nephtaliproject.com
>


Re: [PHP] Stripslashes

2010-11-18 Thread Daniel Brown
On Thu, Nov 18, 2010 at 09:49, Tommy Pham  wrote:
>
> You'll have to wait a very long time for that. IIRC, the official word (via
> windows list) is that PHP 6 is cancelled.  The next official release is 5.4.

Well, not canceled, just postponed.  It goes back and forth all
the time, and has for years.  I wouldn't be surprised if we skipped
PHP6 and just released PHP7 (being facetious).

-- 

Network Infrastructure Manager
Documentation, Webmaster Teams
http://www.php.net/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Stripslashes

2010-11-18 Thread Tommy Pham


> -Original Message-
> From: Gary [mailto:gp...@paulgdesigns.com]
> Sent: Wednesday, November 17, 2010 2:17 PM
> To: php-general@lists.php.net
> Subject: Re: [PHP] Stripslashes
> 


> I also assume that until php 6 is out and or I upgrade to it, I will have
to
> deal with magic_quotes?
> 
> Thank you for your help.
> 
> Gary
> 
Gary,

You'll have to wait a very long time for that. IIRC, the official word (via
windows list) is that PHP 6 is cancelled.  The next official release is 5.4.

Regards,
Tommy


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Stripslashes

2010-11-17 Thread Adam Richardson
>
> Adam
>
> Thanks for your reply.  So if I disable magic_quotes, and I assume I can do
> that a script, then the stripslashes would work as the manuel said it
> would,
> meaning
>
> G\\a//r\y\\ becomes G\a//r'y\
>
> I also assume that until php 6 is out and or I upgrade to it, I will have
> to
> deal with magic_quotes?
>
> Thank you for your help.
>
> Gary
>

You can disable magic quotes with php.ini or htaccess or toss in the example
#2 code on this page if you don't have access to php.ini (each of these
examples are listed within the page below):
http://php.net/manual/en/security.magicquotes.disabling.php

Additionally,
it doesn't look like you'll have to wait long before you can stop worrying
about magic quotes (actually, several distros ship with them turned off:
http://www.pubbs.net/201011/php/27311-php-dev-magic-quotes-in-trunk.html

Keep
coding,

Adam


-- 
Nephtali:  PHP web framework that functions beautifully
http://nephtaliproject.com


Re: [PHP] Stripslashes

2010-11-17 Thread Gary

"Adam Richardson"  wrote in message 
news:aanlktin_9_tfe9q+dc2hoynsavccoyuecudkqd919...@mail.gmail.com...
> On Tue, Nov 16, 2010 at 10:10 PM, Gary  wrote:
>
>> I was doing a test of stripslashes on a $_POST, when I recieved the 
>> email,
>> all of the slashes were still in the data posted.
>>
>> I used :
>>
>> $fname = stripslashes($_POST['fname']);
>>
>> I input G\\a//r\y\\, and was expecting, according to the manuel 
>> G\a//r*y\,
>> but got the original spelling.
>>
>
> In this case, you should get the original, if I'm understanding correctly.
> Think of it like a basic math problem:
>
> Step 1: Happens automatically when you submit the form and PHP receives 
> the
> form variables
> input + slashes = slashed_input
>
> Step 2: This happens when you call stripslashes.
> slashed_input - slashes = input
>
> The goal of stripslashes is that it will undo what happened automatically
> using magic_quotes_gpc (which essentially calls addslashes on the GPC vars
> behind the scenes) so you'll end up with the original input.
>
> So, working through your example:
>
>   1. You inputted into a form G\\a//r\y\\ and submitted the form.
>   2. PHP received G\\a//r\y\\ and added slashes (Ga//r\\y).
>   3. You called stripslashes (G\\a//r\y\\).
>
>
>
>
>>
>> I added:
>>
>> echo stripslashes($fname); and did get the expected result on the page, 
>> but
>> not in the email from the $_POST.
>>
>
> Here, you called stripslashes on something already stripped once, so you 
> now
> have a new value (G\a//ry\).
>
>
>>
>> I also tried
>>
>> $fname = (stripslashes($_POST['fname']));
>>
>
> This would be no different than your attempt without enclosing 
> parentheses.
>
> Now, let me just say that I detest magic_quotes, and it's best to run with
> them disabled so you  don't even have to worry about this kind of issue
> (they've been deprecated.)  But, perhaps you were just trying to learn 
> about
> some piece of legacy code.
>
> Hope the explanation helps, Gary.
>
> Adam
>
> -- 
> Nephtali:  PHP web framework that functions beautifully
> http://nephtaliproject.com
>

Adam

Thanks for your reply.  So if I disable magic_quotes, and I assume I can do 
that a script, then the stripslashes would work as the manuel said it would, 
meaning

G\\a//r\y\\ becomes G\a//r'y\

I also assume that until php 6 is out and or I upgrade to it, I will have to 
deal with magic_quotes?

Thank you for your help.

Gary



__ Information from ESET Smart Security, version of virus signature 
database 5627 (20101117) __

The message was checked by ESET Smart Security.

http://www.eset.com





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Stripslashes

2010-11-16 Thread Adam Richardson
On Tue, Nov 16, 2010 at 10:10 PM, Gary  wrote:

> I was doing a test of stripslashes on a $_POST, when I recieved the email,
> all of the slashes were still in the data posted.
>
> I used :
>
> $fname = stripslashes($_POST['fname']);
>
> I input G\\a//r\y\\, and was expecting, according to the manuel G\a//r*y\,
> but got the original spelling.
>

In this case, you should get the original, if I'm understanding correctly.
 Think of it like a basic math problem:

Step 1: Happens automatically when you submit the form and PHP receives the
form variables
input + slashes = slashed_input

Step 2: This happens when you call stripslashes.
slashed_input - slashes = input

The goal of stripslashes is that it will undo what happened automatically
using magic_quotes_gpc (which essentially calls addslashes on the GPC vars
behind the scenes) so you'll end up with the original input.

So, working through your example:

   1. You inputted into a form G\\a//r\y\\ and submitted the form.
   2. PHP received G\\a//r\y\\ and added slashes (Ga//r\\y).
   3. You called stripslashes (G\\a//r\y\\).




>
> I added:
>
> echo stripslashes($fname); and did get the expected result on the page, but
> not in the email from the $_POST.
>

Here, you called stripslashes on something already stripped once, so you now
have a new value (G\a//ry\).


>
> I also tried
>
> $fname = (stripslashes($_POST['fname']));
>

This would be no different than your attempt without enclosing parentheses.

Now, let me just say that I detest magic_quotes, and it's best to run with
them disabled so you  don't even have to worry about this kind of issue
(they've been deprecated.)  But, perhaps you were just trying to learn about
some piece of legacy code.

Hope the explanation helps, Gary.

Adam

-- 
Nephtali:  PHP web framework that functions beautifully
http://nephtaliproject.com


Re: [PHP] Stripslashes redundancy question.

2010-10-25 Thread Adam Richardson
> You can only call stripslashes once, and only if magic quotes is
> enabled. Even if you can turn it off on your server, if there is any
> chance your code will be used on other servers where it might not be
> turned off, you need to wrap it with the test for magic quotes to make
> it safe. We always used the version wrapped in the magic quotes check.
> That way we don't care how the server is configured.
>
> A Google search on the two function names will retrieve many valid
> arguments for this course of action.
>
> Bob McConnell

Hi Bob,

You're absolutely right, you can find examples like your suggesting.
However, this can lead to issues.

For instance, some frameworks and scripts take the opportunity to
strip slashes from all GPC data at once, such as the code below:

if (get_magic_quotes_gpc()){
 $_GET = array_map('stripslashes', $_GET);
 $_POST = array_map('stripslashes', $_POST);
 $_COOKIE = array_map('stripslashes', $_COOKIE);
}

Now, if your library is running a magic quote check and strip, but
another library is running this type of strip before yours, a
legitimate string can be mangled:

$test = 'CD "C:\Program Files\Internet Explorer\"';
$slashed_version = addslashes($test);
// the other library
$deslashed1 = stripslashes($slashed_version);
// your library
$deslashed2 = stripslashes($deslashed1);
echo $deslashed2;

This outputs:
CD "C:Program FilesInternet Explorer"

Granted, this isn't likely a frequent issue, as the type of strings
that cause this issue are used infrequently.  However, given the above
potential issue,  the lack of benefits in terms of preventing SQL
injection, and the increased overhead, I prefer to make sure they're
turned off (even most shared hosts allow you to turn off magic quotes
if they aren't already turned off.)

That said, I understand your approach.  I just wanted to make sure I
spoke more clearly to the issues I had magic quotes.

Adam

--
Nephtali:  PHP web framework that functions beautifully
http://nephtaliproject.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Stripslashes redundancy question.

2010-10-25 Thread Shawn McKenzie
On 10/25/2010 09:49 AM, Paul M Foster wrote:
> On Sun, Oct 24, 2010 at 09:33:23PM -0400, Adam Richardson wrote:
> 
> 
> 
>> This
>> was after many criticisms were leveled against the use of magic quotes:
>> http://en.wikipedia.org/wiki/Magic_quotes
> 
> Wait-- according to this last link, magic quotes are only inserted on
> GET, POST, REQUEST and COOKIE values. I've never seen this in the
> php.net docs. Did I miss something? Is the link correct and the php.net
> docs incomplete? Or am I just horribly misguided?
> 
> Paul
> 

magic_quotes_gpc yes (Get, Post, Cookie).  magic_quotes_runtime controls
these:
http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-runtime

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Stripslashes redundancy question.

2010-10-25 Thread Paul M Foster
On Sun, Oct 24, 2010 at 09:33:23PM -0400, Adam Richardson wrote:



> This
> was after many criticisms were leveled against the use of magic quotes:
> http://en.wikipedia.org/wiki/Magic_quotes

Wait-- according to this last link, magic quotes are only inserted on
GET, POST, REQUEST and COOKIE values. I've never seen this in the
php.net docs. Did I miss something? Is the link correct and the php.net
docs incomplete? Or am I just horribly misguided?

Paul

-- 
Paul M. Foster

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Stripslashes redundancy question.

2010-10-25 Thread Bob McConnell
From: Adam Richardson

> On Sun, Oct 24, 2010 at 6:29 PM, Gary  wrote:
>> In my form processing scripts, I usually have the variable set as so:
>>
>> $email = stripslashes($_POST['email']);
>>
>> I have discovered that the program that I use has a pre-written
function of
>> this:
>>
>> // remove escape characters from POST array
>> if (get_magic_quotes_gpc()) {
>>  function stripslashes_deep($value) {
>>$value = is_array($value) ? array_map('stripslashes_deep', $value)
:
>> stripslashes($value);
>>return $value;
>>}
>>  $_POST = array_map('stripslashes_deep', $_POST);
>>  }
>>
>> I just put this in a script that I have been using, leaving the
original
>> stripslashes in the variable. The script still works, but is there a
>> problem
>> with redundancy, or does one cancel the other out?
>>
>> Also, which do you think is a better method to use?
>>
> 
> Calling stripslashes() more than once on the same string can cause
issues.
>  That said, I'd point out that as of PHP 5.3, the use of
magic_quotes_gpc()
> has been deprecated:
>
http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc
> 
>
This
> was after many criticisms were leveled against the use of magic
quotes:
> http://en.wikipedia.org/wiki/Magic_quotes
> 
> So, my inclination is to turn off magic quotes if they're on by using
> php.ini -OR- htaccess  (if at all possible) rather than checking if
they are
> on and strip them if needed.

You can only call stripslashes once, and only if magic quotes is
enabled. Even if you can turn it off on your server, if there is any
chance your code will be used on other servers where it might not be
turned off, you need to wrap it with the test for magic quotes to make
it safe. We always used the version wrapped in the magic quotes check.
That way we don't care how the server is configured.

A Google search on the two function names will retrieve many valid
arguments for this course of action.

Bob McConnell

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Stripslashes redundancy question.

2010-10-24 Thread Adam Richardson
On Sun, Oct 24, 2010 at 6:29 PM, Gary  wrote:

> In my form processing scripts, I usually have the variable set as so:
>
> $email = stripslashes($_POST['email']);
>
> I have discovered that the program that I use has a pre-written function of
> this:
>
> // remove escape characters from POST array
> if (get_magic_quotes_gpc()) {
>  function stripslashes_deep($value) {
>$value = is_array($value) ? array_map('stripslashes_deep', $value) :
> stripslashes($value);
>return $value;
>}
>  $_POST = array_map('stripslashes_deep', $_POST);
>  }
>
> I just put this in a script that I have been using, leaving the original
> stripslashes in the variable. The script still works, but is there a
> problem
> with redundancy, or does one cancel the other out?
>
> Also, which do you think is a better method to use?
>
> Thank you
>
> Gary
>
>
>
> __ Information from ESET Smart Security, version of virus signature
> database 5560 (20101024) __
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Hi Gary,

Calling stripslashes() more than once on the same string can cause issues.
 That said, I'd point out that as of PHP 5.3, the use of magic_quotes_gpc()
has been deprecated:
http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc

This
was after many criticisms were leveled against the use of magic quotes:
http://en.wikipedia.org/wiki/Magic_quotes

So, my inclination is to turn off magic quotes if they're on by using
php.ini -OR- htaccess  (if at all possible) rather than checking if they are
on and strip them if needed.

Adam

-- 
Nephtali:  PHP web framework that functions beautifully
http://nephtaliproject.com


Re: [PHP] Stripslashes

2007-01-15 Thread Curt Zirzow

On 1/15/07, Beauford <[EMAIL PROTECTED]> wrote:

I'm familiar with the .htaccess file and I am told by the hosting company
that apache is set up to use it, I've just never used it much - especially
for PHP. If this works I'd even like to set an includes file for PHP. Here
is the file.

# -FrontPage-


Ouch.



IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*


Honestly this is jibber jabberish, it is protection for them not you,
and a reason why i dont supply hosting.




order deny,allow
deny from all
allow from all


order deny,allow
deny from all

AuthName www.site.com
AuthUserFile /home/user/public_html/dir/file.pwd
AuthGroupFile /home/user/public_html/dir/file.grp


As far as i can gather this is what they told you the apache config is
for your domain, probably a typical response from the question you
asked.



php_value magic_quotes_gpc 0



Aha, check this value by making a phpinfo() page, php.net/phpinfo

compare global vs local, local means that is what really is being used.

HTH,
Curt.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Stripslashes

2007-01-15 Thread Curt Zirzow

On 1/14/07, Beauford <[EMAIL PROTECTED]> wrote:


I guess I'm just doing something wrong, 'cause that doesn't work either -
nor do the hundreds of other snippets I've used.

Here's the scenario. I have a form - after they submit the form it shows
what they have entered, this is where I get the \. It also does it if the
form redisplays after the user has input invalid data.



Just a refresher/reminder, and try to make things simple... escape
input/output according to the context:

 if reading a form variable from POST/GET/COOKIES and magic_gpc is on:
   unescape the vars via stripslashes other wise do nothing

 if putting a variable, to a db use the databases escape function
before passing it to the db

 if putting it to html, htmlspecialchar() or htmlenties() the
variable before displaying it

 if putting it in a url, urlencode it.

 if putting it to X, Xencode it. (where X some other output)

When following these guidelines you will be able to find the exact
area where the problem is.


Curt

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Stripslashes

2007-01-15 Thread Beauford
I'm familiar with the .htaccess file and I am told by the hosting company
that apache is set up to use it, I've just never used it much - especially
for PHP. If this works I'd even like to set an includes file for PHP. Here
is the file.

# -FrontPage-

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*


order deny,allow
deny from all
allow from all


order deny,allow
deny from all

AuthName www.site.com
AuthUserFile /home/user/public_html/dir/file.pwd
AuthGroupFile /home/user/public_html/dir/file.grp

php_value magic_quotes_gpc 0 

-

Thanks

> -Original Message-
> From: Larry Garfield [mailto:[EMAIL PROTECTED] 
> Sent: January 15, 2007 12:02 AM
> To: Beauford; PHP-General
> Subject: Re: [PHP] Stripslashes
> 
> Copying this back on list where it belongs...
> 
> If the apache process on the server is configured to support 
> .htaccess files, then there shouldn't be anything special you 
> need to do.  Do you have any other htaccess directives in use 
> that could be affecting it?  Remember that it's not 
> "htaccess", it's a ".htaccess" file.  Mind the period.
> 
> 
> On Sunday 14 January 2007 9:56 pm, Beauford wrote:
> > Hi Larry,
> >
> > I'm sending this off list. I put this in the .htaccess file on the 
> > hosting server, but still have the same problems. Is there 
> a special 
> > way this needs to be done?
> >
> > Thanks
> >
> > > Thanks
> > >
> > > > -----Original Message-
> > > > From: Larry Garfield [mailto:[EMAIL PROTECTED]
> > > > Sent: January 14, 2007 4:39 PM
> > > > To: php-general@lists.php.net
> > > > Subject: Re: [PHP] Stripslashes
> > > >
> > > > On a real web host, they'll let you have a .htaccess file where 
> > > > you can disable them like so:
> > > >
> > > > php_value magic_quotes_gpc 0
> > > >
> > > > (I keep saying "real web host" because I've just recently
> > >
> > > had to deal
> > >
> > > > with a few web hosts that a client insisted on that 
> didn't have a 
> > > > standard configuration and didn't support .htaccess files.
> > >
> > > I lost 6
> > >
> > > > hours of my life right before Christmas trying to work 
> around that 
> > > > fact, and I can't get them back.  If you find yourself 
> in the same 
> > > > situation, vote with your feet and let such hosts die a
> > >
> > > horrible and
> > >
> > > > bankrupt death.)
> > > >
> > > > On Sunday 14 January 2007 10:46 am, Beauford wrote:
> > > > > I just turned  off get_magic_quotes in my PHP.ini, but not
> > > >
> > > > sure if the
> > > >
> > > > > hosting company has it on or not once I upload the site.
> 
> 
> -- 
> Larry GarfieldAIM: LOLG42
> [EMAIL PROTECTED] ICQ: 6817012
> 
> "If nature has made any one thing less susceptible than all 
> others of exclusive property, it is the action of the 
> thinking power called an idea, which an individual may 
> exclusively possess as long as he keeps it to himself; but 
> the moment it is divulged, it forces itself into the 
> possession of every one, and the receiver cannot dispossess 
> himself of it."  -- Thomas Jefferson
> 
> --
> PHP General Mailing List (http://www.php.net/) To 
> unsubscribe, visit: http://www.php.net/unsub.php
> 
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Stripslashes

2007-01-14 Thread Larry Garfield
Copying this back on list where it belongs...

If the apache process on the server is configured to support .htaccess files, 
then there shouldn't be anything special you need to do.  Do you have any 
other htaccess directives in use that could be affecting it?  Remember that 
it's not "htaccess", it's a ".htaccess" file.  Mind the period.


On Sunday 14 January 2007 9:56 pm, Beauford wrote:
> Hi Larry,
>
> I'm sending this off list. I put this in the .htaccess file on the hosting
> server, but still have the same problems. Is there a special way this needs
> to be done?
>
> Thanks
>
> > Thanks
> >
> > > -Original Message-
> > > From: Larry Garfield [mailto:[EMAIL PROTECTED]
> > > Sent: January 14, 2007 4:39 PM
> > > To: php-general@lists.php.net
> > > Subject: Re: [PHP] Stripslashes
> > >
> > > On a real web host, they'll let you have a .htaccess file where you
> > > can disable them like so:
> > >
> > > php_value magic_quotes_gpc 0
> > >
> > > (I keep saying "real web host" because I've just recently
> >
> > had to deal
> >
> > > with a few web hosts that a client insisted on that didn't have a
> > > standard configuration and didn't support .htaccess files.
> >
> > I lost 6
> >
> > > hours of my life right before Christmas trying to work around that
> > > fact, and I can't get them back.  If you find yourself in the same
> > > situation, vote with your feet and let such hosts die a
> >
> > horrible and
> >
> > > bankrupt death.)
> > >
> > > On Sunday 14 January 2007 10:46 am, Beauford wrote:
> > > > I just turned  off get_magic_quotes in my PHP.ini, but not
> > >
> > > sure if the
> > >
> > > > hosting company has it on or not once I upload the site.


-- 
Larry Garfield  AIM: LOLG42
[EMAIL PROTECTED]   ICQ: 6817012

"If nature has made any one thing less susceptible than all others of 
exclusive property, it is the action of the thinking power called an idea, 
which an individual may exclusively possess as long as he keeps it to 
himself; but the moment it is divulged, it forces itself into the possession 
of every one, and the receiver cannot dispossess himself of it."  -- Thomas 
Jefferson

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Stripslashes

2007-01-14 Thread Jim Lucas

Beauford wrote:

I just turned  off get_magic_quotes in my PHP.ini, but not sure if the
hosting company has it on or not once I upload the site. 

  
What do you mean by "my PHP.ini" file?  Are you saying that php is 
running as a cgi or as an apache mod?



-Original Message-
From: Beauford [mailto:[EMAIL PROTECTED] 
Sent: January 14, 2007 11:34 AM

To: 'PHP'
Subject: RE: [PHP] Stripslashes

 
I guess I'm just doing something wrong, 'cause that doesn't 
work either - nor do the hundreds of other snippets I've used. 

Here's the scenario. I have a form - after they submit the 
form it shows what they have entered, this is where I get the 
\. It also does it if the form redisplays after the user has 
input invalid data.


All this is being done on the same page.



-Original Message-
From: Jim Lucas [mailto:[EMAIL PROTECTED]
Sent: January 14, 2007 1:02 AM
To: Beauford
Cc: PHP
Subject: Re: [PHP] Stripslashes

Beauford wrote:
  

Hi,

Anyone know how I can strip slashes from $_POST variables. I have 
tried about a hundred different ways of doing this and


nothing works.
  

i.e.

if(!empty($_POST)){
foreach($_POST as $x => $y){
$_POST[$x] = stripslashes($y);
}
}

This came about after someone tried to enter O'Toole in a


form, and it
  

appeared as O\'Toole.

Thanks

  


This is what I use, and it has worked ever time.

if ( get_magic_quotes_gpc() ) {
  $_POST = array_map("stripslashes", $_POST); }

Jim Lucas



  

--
PHP General Mailing List (http://www.php.net/) To 
unsubscribe, visit: http://www.php.net/unsub.php







  


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Stripslashes

2007-01-14 Thread Larry Garfield
On a real web host, they'll let you have a .htaccess file where you can 
disable them like so:

php_value magic_quotes_gpc 0

(I keep saying "real web host" because I've just recently had to deal with a 
few web hosts that a client insisted on that didn't have a standard 
configuration and didn't support .htaccess files.  I lost 6 hours of my life 
right before Christmas trying to work around that fact, and I can't get them 
back.  If you find yourself in the same situation, vote with your feet and 
let such hosts die a horrible and bankrupt death.)

On Sunday 14 January 2007 10:46 am, Beauford wrote:
> I just turned  off get_magic_quotes in my PHP.ini, but not sure if the
> hosting company has it on or not once I upload the site.
>
> > -Original Message-
> > From: Beauford [mailto:[EMAIL PROTECTED]
> > Sent: January 14, 2007 11:34 AM
> > To: 'PHP'
> > Subject: RE: [PHP] Stripslashes
> >
> >
> > I guess I'm just doing something wrong, 'cause that doesn't
> > work either - nor do the hundreds of other snippets I've used.
> >
> > Here's the scenario. I have a form - after they submit the
> > form it shows what they have entered, this is where I get the
> > \. It also does it if the form redisplays after the user has
> > input invalid data.
> >
> > All this is being done on the same page.
> >
> > > -Original Message-
> > > From: Jim Lucas [mailto:[EMAIL PROTECTED]
> > > Sent: January 14, 2007 1:02 AM
> > > To: Beauford
> > > Cc: PHP
> > > Subject: Re: [PHP] Stripslashes
> > >
> > > Beauford wrote:
> > > > Hi,
> > > >
> > > > Anyone know how I can strip slashes from $_POST variables. I have
> > > > tried about a hundred different ways of doing this and
> > >
> > > nothing works.
> > >
> > > > i.e.
> > > >
> > > > if(!empty($_POST)){
> > > > foreach($_POST as $x => $y){
> > > > $_POST[$x] = stripslashes($y);
> > > > }
> > > > }
> > > >
> > > > This came about after someone tried to enter O'Toole in a
> > >
> > > form, and it
> > >
> > > > appeared as O\'Toole.
> > > >
> > > > Thanks
> > >
> > > This is what I use, and it has worked ever time.
> > >
> > > if ( get_magic_quotes_gpc() ) {
> > >   $_POST = array_map("stripslashes", $_POST); }
> > >
> > > Jim Lucas
> >
> > --
> > PHP General Mailing List (http://www.php.net/) To
> > unsubscribe, visit: http://www.php.net/unsub.php

-- 
Larry Garfield  AIM: LOLG42
[EMAIL PROTECTED]   ICQ: 6817012

"If nature has made any one thing less susceptible than all others of 
exclusive property, it is the action of the thinking power called an idea, 
which an individual may exclusively possess as long as he keeps it to 
himself; but the moment it is divulged, it forces itself into the possession 
of every one, and the receiver cannot dispossess himself of it."  -- Thomas 
Jefferson

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Stripslashes

2007-01-14 Thread Jim Lucas

Beauford wrote:

I just turned  off get_magic_quotes in my PHP.ini, but not sure if the
hosting company has it on or not once I upload the site. 

  

-Original Message-
From: Beauford [mailto:[EMAIL PROTECTED] 
Sent: January 14, 2007 11:34 AM

To: 'PHP'
Subject: RE: [PHP] Stripslashes

 
I guess I'm just doing something wrong, 'cause that doesn't 
work either - nor do the hundreds of other snippets I've used. 

Here's the scenario. I have a form - after they submit the 
form it shows what they have entered, this is where I get the 
\. It also does it if the form redisplays after the user has 
input invalid data.


All this is being done on the same page.



-Original Message-
From: Jim Lucas [mailto:[EMAIL PROTECTED]
Sent: January 14, 2007 1:02 AM
To: Beauford
Cc: PHP
Subject: Re: [PHP] Stripslashes

Beauford wrote:
  

Hi,

Anyone know how I can strip slashes from $_POST variables. I have 
tried about a hundred different ways of doing this and


nothing works.
  

i.e.

if(!empty($_POST)){
foreach($_POST as $x => $y){
$_POST[$x] = stripslashes($y);
}
}

This came about after someone tried to enter O'Toole in a


form, and it
  

appeared as O\'Toole.

Thanks

  


This is what I use, and it has worked ever time.

if ( get_magic_quotes_gpc() ) {
  $_POST = array_map("stripslashes", $_POST); }

Jim Lucas



  

--
PHP General Mailing List (http://www.php.net/) To 
unsubscribe, visit: http://www.php.net/unsub.php







  
do you have a way to look at the data in the DB, if so, look to see if 
the back slashes are in the db


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Stripslashes

2007-01-14 Thread Beauford
I just turned  off get_magic_quotes in my PHP.ini, but not sure if the
hosting company has it on or not once I upload the site. 

> -Original Message-
> From: Beauford [mailto:[EMAIL PROTECTED] 
> Sent: January 14, 2007 11:34 AM
> To: 'PHP'
> Subject: RE: [PHP] Stripslashes
> 
>  
> I guess I'm just doing something wrong, 'cause that doesn't 
> work either - nor do the hundreds of other snippets I've used. 
> 
> Here's the scenario. I have a form - after they submit the 
> form it shows what they have entered, this is where I get the 
> \. It also does it if the form redisplays after the user has 
> input invalid data.
> 
> All this is being done on the same page.
> 
> > -Original Message-
> > From: Jim Lucas [mailto:[EMAIL PROTECTED]
> > Sent: January 14, 2007 1:02 AM
> > To: Beauford
> > Cc: PHP
> > Subject: Re: [PHP] Stripslashes
> > 
> > Beauford wrote:
> > > Hi,
> > >
> > > Anyone know how I can strip slashes from $_POST variables. I have 
> > > tried about a hundred different ways of doing this and
> > nothing works.
> > >
> > > i.e.
> > >
> > > if(!empty($_POST)){
> > > foreach($_POST as $x => $y){
> > > $_POST[$x] = stripslashes($y);
> > > }
> > > }
> > >
> > > This came about after someone tried to enter O'Toole in a
> > form, and it
> > > appeared as O\'Toole.
> > >
> > > Thanks
> > >
> > >   
> > This is what I use, and it has worked ever time.
> > 
> > if ( get_magic_quotes_gpc() ) {
> >   $_POST = array_map("stripslashes", $_POST); }
> > 
> > Jim Lucas
> > 
> > 
> > 
> 
> --
> PHP General Mailing List (http://www.php.net/) To 
> unsubscribe, visit: http://www.php.net/unsub.php
> 
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Stripslashes

2007-01-14 Thread Beauford
 
I guess I'm just doing something wrong, 'cause that doesn't work either -
nor do the hundreds of other snippets I've used. 

Here's the scenario. I have a form - after they submit the form it shows
what they have entered, this is where I get the \. It also does it if the
form redisplays after the user has input invalid data.

All this is being done on the same page.

> -Original Message-
> From: Jim Lucas [mailto:[EMAIL PROTECTED] 
> Sent: January 14, 2007 1:02 AM
> To: Beauford
> Cc: PHP
> Subject: Re: [PHP] Stripslashes
> 
> Beauford wrote:
> > Hi,
> >
> > Anyone know how I can strip slashes from $_POST variables. I have 
> > tried about a hundred different ways of doing this and 
> nothing works.
> >
> > i.e.
> >
> > if(!empty($_POST)){
> > foreach($_POST as $x => $y){
> > $_POST[$x] = stripslashes($y);
> > }
> > }
> >
> > This came about after someone tried to enter O'Toole in a 
> form, and it 
> > appeared as O\'Toole.
> >
> > Thanks
> >
> >   
> This is what I use, and it has worked ever time.
> 
> if ( get_magic_quotes_gpc() ) {
>   $_POST = array_map("stripslashes", $_POST); }
> 
> Jim Lucas
> 
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Stripslashes

2007-01-13 Thread Jim Lucas

Larry Garfield wrote:

On Sunday 14 January 2007 12:01 am, Jim Lucas wrote:

  

This is what I use, and it has worked ever time.

if ( get_magic_quotes_gpc() ) {
  $_POST = array_map("stripslashes", $_POST);
}

Jim Lucas



That will break as soon as you submit an array back through a POST request, 
which I do rather often. :-)  You need to iterate over the array, and if an 
item is an array, iterate over it recursively.  array_walk() can be useful 
here.


Of course, the real answer is to disable magic quotes in the first place as 
they are spawn of Satan.  If you're using a web host that doesn't let you do 
so, get a real web host.  

  

Had to think about that one and test, but you are right.
Up until this point, I have not had a project that I had to submit 
arrays via POST.  Just happens that next week, I would have started my 
first project that does require me to submit via POST with arrays and I 
would have found it then, but anyways, it is fixed now.


on my dev server I have PHP 4.3.11 so I had to build my own work around 
for array_walk_recursive, since it is only in PHP5 and newer  :(


I am pretty sure that it does what the function does in PHP5

Try this

 $v ) {
   if ( is_array($v) ) {
   array_walk_recursive($v, $b, $c);
   $a[$k] = $v;
   } else {
   $a[$k] = $b($v, $k, $c);
   }
   }
   return true;
}

function my_stripslashes($a, $b, $c='') {
   return stripslashes($a);
}

$data[] = addslashes("Jim's new list");
$data[] = addslashes("Tom's new list");
$data[] = array(addslashes("bill's"), addslashes("Tracy's"));

var_dump($data);

array_walk_recursive($data, "my_stripslashes");

var_dump($data);

?>


Jim Lucas

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Stripslashes

2007-01-13 Thread Larry Garfield
On Sunday 14 January 2007 12:01 am, Jim Lucas wrote:

> This is what I use, and it has worked ever time.
>
> if ( get_magic_quotes_gpc() ) {
>   $_POST = array_map("stripslashes", $_POST);
> }
>
> Jim Lucas

That will break as soon as you submit an array back through a POST request, 
which I do rather often. :-)  You need to iterate over the array, and if an 
item is an array, iterate over it recursively.  array_walk() can be useful 
here.

Of course, the real answer is to disable magic quotes in the first place as 
they are spawn of Satan.  If you're using a web host that doesn't let you do 
so, get a real web host.  

-- 
Larry Garfield  AIM: LOLG42
[EMAIL PROTECTED]   ICQ: 6817012

"If nature has made any one thing less susceptible than all others of 
exclusive property, it is the action of the thinking power called an idea, 
which an individual may exclusively possess as long as he keeps it to 
himself; but the moment it is divulged, it forces itself into the possession 
of every one, and the receiver cannot dispossess himself of it."  -- Thomas 
Jefferson

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Stripslashes

2007-01-13 Thread Jim Lucas

Beauford wrote:

Hi,

Anyone know how I can strip slashes from $_POST variables. I have tried
about a hundred different ways of doing this and nothing works.

i.e.

if(!empty($_POST)){
foreach($_POST as $x => $y){
$_POST[$x] = stripslashes($y);
}
}

This came about after someone tried to enter O'Toole in a form, and it
appeared as O\'Toole.

Thanks

  

This is what I use, and it has worked ever time.

if ( get_magic_quotes_gpc() ) {
 $_POST = array_map("stripslashes", $_POST);
}

Jim Lucas

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] stripslashes() when reading from the DB

2004-07-12 Thread Jordi Canals
Philip Olson wrote:
I usually stripslashes() when I read the info from the database (MySQL).
 Because the information was inserted after adding slashes, or the
system has magic_quotes_gpc set to ON.

To add further comment.  If you're required to run stripslashes() on
data coming out of your database then you did something wrong.  Your
code would have essentially looked like the following before insertion:
Wow, here where just my mistake :p I have magic_quotes_gpc at ON and I
do not use addslashes. I use a custom .htaccess file to ensure
magic_quotes_gpc are ON ...
But in a class used to create the forms, there is a striplashes(), so
the extrange I've seen. Removed stripslashes from the function, solved
the problem.
Just have to work to see how manage the form when data comes from a
previos post (Which have slashes) or comes from DB (Which have NOT).
Thanks to all to help me to clarify this point.
Jordi.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] stripslashes() when reading from the DB

2004-07-12 Thread John W. Holmes
Jordi Canals wrote:
I usually stripslashes() when I read the info from the database (MySQL). 
 Because the information was inserted after adding slashes, or the 
system has magic_quotes_gpc set to ON.
I remember being taught this lesson long ago. :)
You do not need to strip slashes from the data being read from the 
database. If you find yourself having to do that, then you're escaping 
the data twice before it's inserted. You more than likely have 
magic_quotes_gpc enabled which escapes all incoming GET, POST and COOKIE 
data and then you are running addslashes() yourself.

You should check the magic_quotes setting with get_magic_quotes_gpc() 
and then determine if you need to use addslashes or 
mysql_real_escape_string().

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] stripslashes() when reading from the DB

2004-07-12 Thread Philip Olson

> > I usually stripslashes() when I read the info from the database (MySQL).
> >   Because the information was inserted after adding slashes, or the
> > system has magic_quotes_gpc set to ON.
> > 
> > I'd like to know, if I can do stripslashes() directly, as it is suposed
> > that all data was inserted into DB after slashing the vars. I mean,
> > should I check or not before if magic_quotes_gpc are on ?
> > 
> > As I know, magic_quotes_gpc has nothing to do with info readed from the
> > DB, as it only affects Get/Post/Cookie values.
> > 
> > I think to make a check like this:
> > 
> > $result = mysql_query("SELECT ");
> > $row = mysql_fetch_assoc($result);
> > 
> > foreach ($row as $key => $value) {
> >  $row[$key] = stripslashes($value);
> > }
> > 
> > But not sure if it really necessary, as i'm getting some confusing results.
> > 
> 
> What you *should* be doing is check for magic quotes when inserting into the DB.
> 
> if(!get_magic_quotes_gpc()) {
>   $value = mysql_real_escape_string($value);
> }
> 
> $query = 'INSERT INTO table (field) VALUES ("'.$value.'")';
> mysql_query($query);

To add further comment.  If you're required to run stripslashes() on
data coming out of your database then you did something wrong.  Your
code would have essentially looked like the following before insertion:

  $var = addslashes(addslashes($var));

Where 'magic_quotes_gpc = on' essentially executed one of those
addslashes().  The above use of get_magic_quotes_gpc() shows you 
how to add slashes just once thus not having a bunch of \' type 
badness inside your database.  Remember backslashes are only 
added to make proper strings for db insertion so the backslashes 
should never actually make it into the database.

Regards,
Philip

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] stripslashes() when reading from the DB

2004-07-12 Thread Justin Patrin
On Mon, 12 Jul 2004 20:45:12 +0200, Jordi Canals <[EMAIL PROTECTED]> wrote:
> Hi,
> 
> I usually stripslashes() when I read the info from the database (MySQL).
>   Because the information was inserted after adding slashes, or the
> system has magic_quotes_gpc set to ON.
> 
> I'd like to know, if I can do stripslashes() directly, as it is suposed
> that all data was inserted into DB after slashing the vars. I mean,
> should I check or not before if magic_quotes_gpc are on ?
> 
> As I know, magic_quotes_gpc has nothing to do with info readed from the
> DB, as it only affects Get/Post/Cookie values.
> 
> I think to make a check like this:
> 
> $result = mysql_query("SELECT ");
> $row = mysql_fetch_assoc($result);
> 
> foreach ($row as $key => $value) {
>  $row[$key] = stripslashes($value);
> }
> 
> But not sure if it really necessary, as i'm getting some confusing results.
> 

What you *should* be doing is check for magic quotes when inserting into the DB.

if(!get_magic_quotes_gpc()) {
  $value = mysql_real_escape_string($value);
}

$query = 'INSERT INTO table (field) VALUES ("'.$value.'")';
mysql_query($query);


-- 
DB_DataObject_FormBuilder - The database at your fingertips
http://pear.php.net/package/DB_DataObject_FormBuilder

paperCrane --Justin Patrin--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] stripslashes()

2003-03-09 Thread John W. Holmes
> I need to stripslashes() practically every $value as I pass data from
one
> submit to another.
> 
> L\'apprentissage d\'une langue ...
> 
> Instead of doing it to every $value, someone showed me once something
I
> could add something to the beginning of my script. It was some type of
> code on a post_var that turned off the addslashes on every $value.
Anyone
> have an idea of what I'm talking about?

Either turn off magic_quotes_gpc in php.ini or an .htaccess file or do
something like this:

Foreach($_GET as $key => $value)
{ $_GET[$key] = stripslashes($value); }

and the same for $_POST, etc. 

---John W. Holmes...

PHP Architect - A monthly magazine for PHP Professionals. Get your copy
today. http://www.phparch.com/



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] stripslashes()

2003-03-08 Thread Leif K-Brooks
Try this (untestted):
if(get_magic_quotes_gpc()){
   foreach($_REQUEST as $vname => $value){
   $$vname = stripslashes($vname);
   }
}
John Taylor-Johnston wrote:

I need to stripslashes() practically every $value as I pass data from one submit to another.

L\'apprentissage d\'une langue ...

Instead of doing it to every $value, someone showed me once something I could add something to the beginning of my script. It was some type of code on a post_var that turned off the addslashes on every $value. Anyone have an idea of what I'm talking about?

 

--
The above message is encrypted with double rot13 encoding.  Any unauthorized attempt 
to decrypt it will be prosecuted to the full extent of the law.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] stripslashes()

2003-03-08 Thread Ray Hunter
You could write a function like 

strippostslashes()

that is called on everypage that access the $_POST or $_GET variables...


--
Ray


On Sat, 2003-03-08 at 23:29, John Taylor-Johnston wrote:
> I need to stripslashes() practically every $value as I pass data from one submit to 
> another.
> 
> L\'apprentissage d\'une langue ...
> 
> Instead of doing it to every $value, someone showed me once something I could add 
> something to the beginning of my script. It was some type of code on a post_var that 
> turned off the addslashes on every $value. Anyone have an idea of what I'm talking 
> about?
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] stripslashes()

2003-03-01 Thread Ernest E Vogelsinger
At 04:03 02.03.2003, Dade Register said:
[snip]
>Thanx a lot for your help.
>It adds to the .dat file. it's not fgets().
>Dade [EMAIL PROTECTED]'s
>That's from the dat file. any other ideas?
[snip] 

add this line vefore and after stripslashes() and see what you get:

echo '', $poem, '';

If I type "I've set it up" it should read

I\'ve set it up
I've set it up

or your stripslashes is not working.


-- 
   >O Ernest E. Vogelsinger
   (\)ICQ #13394035
^ http://www.vogelsinger.at/



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] stripslashes()

2003-03-01 Thread Dade Register
Thanx a lot for your help.
It adds to the .dat file. it's not fgets().
Dade [EMAIL PROTECTED]'s
That's from the dat file. any other ideas?
-Dade
--- Ernest E Vogelsinger <[EMAIL PROTECTED]>
wrote:
> At 03:37 02.03.2003, Dade Register said:
> [snip]
> >I know I am doing the exact thing you are If
> you
> >or someone else doesn't mind, could you look @
> >http://dragonz-cavern.mine.nu/poems.phps and see
> what
> >I'm doing wrong? I am trying to parse it before it
> >gets stored in my txt file. plz help. I'd really
> >appreciate it.
> [snip] 
> 
> You're doing everything right. If you have a look at
> the datfile you'll
> notice there are NO backslashes. Right?
> 
> Ok, so the culprit must be fgets() - and indeed this
> can be found in the
> online manual
> (http://www.php.net/manual/en/function.fgets.php),
> in the
> user comments:
> 
> php at silisoftware dot com 13-Jun-2002 06:44   
> Beware of magic_quotes_runtime !
> php.ini-recommended for PHP v4.2.1 (Windows) had
> magic_quotes_runtime set
> ON, and that addslash'd all input read via fgets()
> 
> So the solution here is to either add stripslashes()
> after your datfile
> read, or to use set_magic_quotes_runtime(0) (see
>
http://www.php.net/manual/en/function.set-magic-quotes-runtime.php).
> 
> 
> 
> -- 
>>O Ernest E. Vogelsinger
>(\)ICQ #13394035
> ^ http://www.vogelsinger.at/
> 
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 


__
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] stripslashes()

2003-03-01 Thread Ernest E Vogelsinger
At 03:37 02.03.2003, Dade Register said:
[snip]
>I know I am doing the exact thing you are If you
>or someone else doesn't mind, could you look @
>http://dragonz-cavern.mine.nu/poems.phps and see what
>I'm doing wrong? I am trying to parse it before it
>gets stored in my txt file. plz help. I'd really
>appreciate it.
[snip] 

You're doing everything right. If you have a look at the datfile you'll
notice there are NO backslashes. Right?

Ok, so the culprit must be fgets() - and indeed this can be found in the
online manual (http://www.php.net/manual/en/function.fgets.php), in the
user comments:

php at silisoftware dot com 13-Jun-2002 06:44   
Beware of magic_quotes_runtime !
php.ini-recommended for PHP v4.2.1 (Windows) had magic_quotes_runtime set
ON, and that addslash'd all input read via fgets()

So the solution here is to either add stripslashes() after your datfile
read, or to use set_magic_quotes_runtime(0) (see
http://www.php.net/manual/en/function.set-magic-quotes-runtime.php).



-- 
   >O Ernest E. Vogelsinger
   (\)ICQ #13394035
^ http://www.vogelsinger.at/



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] stripslashes()

2003-03-01 Thread Dade Register
I know I am doing the exact thing you are If you
or someone else doesn't mind, could you look @
http://dragonz-cavern.mine.nu/poems.phps and see what
I'm doing wrong? I am trying to parse it before it
gets stored in my txt file. plz help. I'd really
appreciate it.
-Dade
--- Ernest E Vogelsinger <[EMAIL PROTECTED]>
wrote:
> At 02:05 02.03.2003, Dade Register said:
> [snip]
> >Well, only diff is it's a POST from a textarea.
> With
> >magicquotes on, you're right, it makes "Thank's"
> >become "Thank\'s". how can I get rid of that? I'm
> >posting it to a text file.
> [snip] 
> 
> Use stripslashes().
> 
> Try this example:
> 
>  
> $var = $_REQUEST['blah'];
> echo '$REQUEST[\'blah\']: "', $var, "\"\n";
> $var = stripslashes($var);
> echo 'stripslashe\'d: "', $var, '"';
> echo '',
>  '',
>  $var,
>  '',
>  '';
> 
> ?>
> 
> You will notice the textarea transmits "Thank\'s"
> which is displayed in the
> first line, and stripslashes() removes the backslash
> and displays "Thank's".
> 
> Note that you also must use the stripslashe'd data
> when constructing the
> textarea.
> 
> 
> -- 
>>O Ernest E. Vogelsinger
>(\)ICQ #13394035
> ^ http://www.vogelsinger.at/
> 
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 


__
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] stripslashes()

2003-03-01 Thread Ernest E Vogelsinger
At 02:05 02.03.2003, Dade Register said:
[snip]
>Well, only diff is it's a POST from a textarea. With
>magicquotes on, you're right, it makes "Thank's"
>become "Thank\'s". how can I get rid of that? I'm
>posting it to a text file.
[snip] 

Use stripslashes().

Try this example:

$REQUEST[\'blah\']: "', $var, "\"\n";
$var = stripslashes($var);
echo 'stripslashe\'d: "', $var, '"';
echo '',
 '',
 $var,
 '',
 '';

?>

You will notice the textarea transmits "Thank\'s" which is displayed in the
first line, and stripslashes() removes the backslash and displays "Thank's".

Note that you also must use the stripslashe'd data when constructing the
textarea.


-- 
   >O Ernest E. Vogelsinger
   (\)ICQ #13394035
^ http://www.vogelsinger.at/



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] stripslashes()

2003-03-01 Thread Dade Register
Well, only diff is it's a POST from a textarea. With
magicquotes on, you're right, it makes "Thank's"
become "Thank\'s". how can I get rid of that? I'm
posting it to a text file.
-Dade
--- Ernest E Vogelsinger <[EMAIL PROTECTED]>
wrote:
> At 01:48 02.03.2003, Dade Register said:
> [snip]
> >I know this is probably an easy question, but I am
> >using stripslashes() on a textarea var, and I don't
> >think it's working. It doesn't error, but in the
> >testarea it doesn't seem to work. Ex:
> >
> >$var = "Thank's";
> >$var = stripslashes($var);
> >echo $var;
> >Output = Thank\'s
> [snip] 
> 
> This can't work since there are no slashes to
> strip...
> 
> stripslashes() strips certain slashes from a string.
> Assume you have a
> textarea where the user enters "Thank's", so PHP
> converts this to
> "Thank\'s" (assuming magic_quotes is set to on).
> Using stripslashes() here
> will get rid of these slashes.
> 
> BTW - the sample you've sent will output "Thank's" -
> what are you doing
> what you didn't show?
> 
> 
> -- 
>>O Ernest E. Vogelsinger
>(\)ICQ #13394035
> ^ http://www.vogelsinger.at/
> 
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 


__
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] stripslashes()

2003-03-01 Thread Ernest E Vogelsinger
At 01:48 02.03.2003, Dade Register said:
[snip]
>I know this is probably an easy question, but I am
>using stripslashes() on a textarea var, and I don't
>think it's working. It doesn't error, but in the
>testarea it doesn't seem to work. Ex:
>
>$var = "Thank's";
>$var = stripslashes($var);
>echo $var;
>Output = Thank\'s
[snip] 

This can't work since there are no slashes to strip...

stripslashes() strips certain slashes from a string. Assume you have a
textarea where the user enters "Thank's", so PHP converts this to
"Thank\'s" (assuming magic_quotes is set to on). Using stripslashes() here
will get rid of these slashes.

BTW - the sample you've sent will output "Thank's" - what are you doing
what you didn't show?


-- 
   >O Ernest E. Vogelsinger
   (\)ICQ #13394035
^ http://www.vogelsinger.at/



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] stripslashes and quoted material

2003-01-08 Thread Gerard Samuel
I figured out the problem.  magic_quotes_sybase was turned on, on the 
IIS box.
All is well with stripslashes() again.

Chris Wesley wrote:

On Wed, 8 Jan 2003, Gerard Samuel wrote:

 

http://www.apache.org/\"; target=\"_blank\">

When trying to apply stripslashes, the slashes remained.  So I applied
str_replace('\"', '', $var) and that worked.
Any idea as to why stripslashes would not remove the slashes in the string?
   


stripslashes() will unescape single-quotes if magic_quotes_runtime = Off
in your php.ini.  If you have magic_quotes_runtime = On, then it will also
unescape double-quotes (and backslashes and NULLs).

	~Chris



 


--
Gerard Samuel
http://www.trini0.org:81/
http://dev.trini0.org:81/



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] stripslashes and quoted material

2003-01-08 Thread Chris Wesley
On Wed, 8 Jan 2003, Gerard Samuel wrote:

> http://www.apache.org/\"; target=\"_blank\">
>
> When trying to apply stripslashes, the slashes remained.  So I applied
> str_replace('\"', '', $var) and that worked.
> Any idea as to why stripslashes would not remove the slashes in the string?

stripslashes() will unescape single-quotes if magic_quotes_runtime = Off
in your php.ini.  If you have magic_quotes_runtime = On, then it will also
unescape double-quotes (and backslashes and NULLs).

~Chris



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Stripslashes through an array.........

2002-11-24 Thread Jason Wong
On Sunday 24 November 2002 20:30, Cookra wrote:
> Hi all is it possible to stripslahes from this query?
>
>
>
> $results = mysql_query("SELECT * FROM $DB_Table_A ORDER BY name ASC LIMIT
> $page, $limit");
>
> while ($data = (mysql_fetch_array($results)))
> {
> //-->< something here would be nice
> }

Usually, it's not necessary to use stripslashes() on data retrieved from a db. 
But if you insist ...


   foreach ($data as $key => $value) {
 $data[$key] = stripslashes($value);
   }

... should work.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

/*
spagmumps, n.:
Any of the millions of Styrofoam wads that accompany mail-order items.
-- "Sniglets", Rich Hall & Friends
*/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




RE: [PHP] StripSlashes Problem

2002-08-02 Thread Mark Colvin

John,

Thank you. This solves the problem.

Petre,

Thank you for your reply. I wasn't aware of the difference and will bear
this in mind.




This e-mail is intended for the recipient only and
may contain confidential information. If you are
not the intended recipient then you should reply
to the sender and take no further ation based
upon the content of the message.
Internet e-mails are not necessarily secure and
CCM Limited does not accept any responsibility
for changes made to this message. 
Although checks have been made to ensure this
message and any attchments are free from viruses
the recipient should ensure that this is the case.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] StripSlashes Problem

2002-08-02 Thread Petre

I would suggest you rather do the following ( over and above the 
htmlentities as already suggested )

In stead of doing
echo " ";
to rather
echo '';

The reason is; there is a difference between echo 'stuff' ; and echo 
"stuff";
The first (single quotes) is treated as literal content, ie, PHP justs 
echo's, does no parsing, while the double-quotes means PHP will look at 
the content between the quotes and parse any variables etc.
So, if you are not echoing anything that needs to be parsed, use single 
quotes.

eg.
';
echo "$var";
?>
produses:

$var
testing

It just saves on overhead, and in your case, you would not have run into 
this problem...




Mark Colvin wrote:

>John,
>
>Thank you for your reply. My magic_quotes_runtime is set to 'Off'. As you
>said, I shouldn't have to use StripSlashes but would I still need to use
>AddSlashes when inserting/updating? I can see the slashes in the database
>when I look at the tables but I am fairly sure that I do not add slashes
>twice? Are they being added automatically somewhere as a result of a setting
>in the php.ini file?
>With regards to my use of mysql_result as opposed to mysql_fetch_*
>functions, I was ignorant of the performance hit and I will now re think
>around my database code.
>
>
>
>
>This e-mail is intended for the recipient only and
>may contain confidential information. If you are
>not the intended recipient then you should reply
>to the sender and take no further ation based
>upon the content of the message.
>Internet e-mails are not necessarily secure and
>CCM Limited does not accept any responsibility
>for changes made to this message. 
>Although checks have been made to ensure this
>message and any attchments are free from viruses
>the recipient should ensure that this is the case.
>
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] StripSlashes Problem

2002-08-02 Thread 1LT John W. Holmes

If magic_quotes_gpc is ON, then the data is getting addslashes()
automatically on a form submission. If you are doing it again, that's where
the problem is.

---John Holmes...

- Original Message -
From: "Mark Colvin" <[EMAIL PROTECTED]>
To: "'1LT John W. Holmes'" <[EMAIL PROTECTED]>
Cc: "Php (E-mail)" <[EMAIL PROTECTED]>
Sent: Friday, August 02, 2002 6:37 AM
Subject: RE: [PHP] StripSlashes Problem


> John,
>
> Thank you for your reply. My magic_quotes_runtime is set to 'Off'. As you
> said, I shouldn't have to use StripSlashes but would I still need to use
> AddSlashes when inserting/updating? I can see the slashes in the database
> when I look at the tables but I am fairly sure that I do not add slashes
> twice? Are they being added automatically somewhere as a result of a
setting
> in the php.ini file?
> With regards to my use of mysql_result as opposed to mysql_fetch_*
> functions, I was ignorant of the performance hit and I will now re think
> around my database code.
>
>
>
> 
> This e-mail is intended for the recipient only and
> may contain confidential information. If you are
> not the intended recipient then you should reply
> to the sender and take no further ation based
> upon the content of the message.
> Internet e-mails are not necessarily secure and
> CCM Limited does not accept any responsibility
> for changes made to this message.
> Although checks have been made to ensure this
> message and any attchments are free from viruses
> the recipient should ensure that this is the case.
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




RE: [PHP] StripSlashes Problem

2002-08-02 Thread Mark Colvin

John,

Thank you for your reply. My magic_quotes_runtime is set to 'Off'. As you
said, I shouldn't have to use StripSlashes but would I still need to use
AddSlashes when inserting/updating? I can see the slashes in the database
when I look at the tables but I am fairly sure that I do not add slashes
twice? Are they being added automatically somewhere as a result of a setting
in the php.ini file?
With regards to my use of mysql_result as opposed to mysql_fetch_*
functions, I was ignorant of the performance hit and I will now re think
around my database code.




This e-mail is intended for the recipient only and
may contain confidential information. If you are
not the intended recipient then you should reply
to the sender and take no further ation based
upon the content of the message.
Internet e-mails are not necessarily secure and
CCM Limited does not accept any responsibility
for changes made to this message. 
Although checks have been made to ensure this
message and any attchments are free from viruses
the recipient should ensure that this is the case.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] StripSlashes Problem

2002-08-02 Thread 1LT John W. Holmes

> I use the following php code to build a dynamic table retrieving values
from
> a MySQL databases that have been inserted with slashes added -
>
>  echo " maxlength='20' readonly value='".StripSlashes(mysql_result($badgedetails,
> $i, 'descr'))."' tabindex='1'/>";
>
> The problem is, if the value to be displayed is for example O'Neill, then
> the output will look something like -
>
>  readonly value='O'Neill' tabindex='1'/>
>
> Quite correctly, when this page is rendered, all that will be displayed is
O
> as the apostrophe after the O will be treated as a closing parenthesis. I
> understand AddSlashes and StripSlashes but how can I utilise them to
resolve
> this issue.

HTML doesn't understand that a slash means to escape a character. What you
need to do is use htmlentities() or htmlspecialchars() on the data before
you place it between your quotes.

echo "";

Note: You should not have to be doing stripslashes() on data coming from
your database unless magic_quotes_runtime is ON. If your data is coming out
with slashes in it, or you can SEE the slashes in the actual data in the
database, then you are calling addslashes() twice on your data somehow.

I also kind of question why you have mysql_result in there. It's faster to
use the mysql_fetch_* functions...

---John Holmes...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Stripslashes help

2002-07-08 Thread Chris Shiflett

Martin Towell wrote:

>Chris S - I think you're confusing stripslashes w/ addslashes, but
>everything else I'm an agreement w/.
>

You're absolutely right. *blush*

Chris K - Ignore my last paragraph, and everything else should make at 
least partial sense. :-)

Ignore this:

>Well, here's where you're executing stripslashes() twice. See above.
>
>My suggestion is to not try to get your message into a variable that can 
>be used in an SQL query and be sent in an email. You want these to use 
>two different formats. For the email, leave the single quotes as they 
>are; you don't want to see the escaped quotes. For inserting into the 
>database, make sure they are escaped with stripslashes().
>

Happy hacking.

Chris


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




RE: [PHP] Stripslashes help

2002-07-08 Thread Martin Towell

Chris (or should I be addressing Chris :)  )

Chris S - I think you're confusing stripslashes w/ addslashes, but
everything else I'm an agreement w/.

Chris K - Somewhere you've got addslashes twice. As mentioned, one of those
might be in your php.ini file. That's why you need to stripslashes()
twice...

-Original Message-
From: Chris Shiflett [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 09, 2002 1:54 PM
To: Chris Kay
Cc: PHP General List
Subject: Re: [PHP] Stripslashes help


Chris (nice name),

Chris Kay wrote:

>A worm of many subjects \\\"The Klez\\\" worm arrives in an e-mail
>

Anytime you see three backslashes in a row, the likely case is the 
addslashes() has been performed twice. For example, the following two 
iterations:

1. "The Klez" -> \"The Klez\"
2. \"The Klez\" -> \\\"The Klez\\\" (the \ is escaped as \\ and the " is 
escaped as \")

If your php.ini specifies that magic quotes are on, then that is likely 
the reason for one execution of stripslashes() that you might be 
overlooking. Otherwise, check your code carefully to ensure that you 
know when data has been escaped. A good habit is to use a strict naming 
convention to help you:

$clean_data=stripslashes($data);

>I have fixed this with stripslashes() but problem I am having is that
>If a ( ' ) is used in the email and I loose what ever is after '
>

When you store this in the database, the single quote terminates the 
literal string:

$data="It's hot in Memphis!";
$sql_statement="insert into quotes values('$data');";

echo $sql_statement;

This will give you:

insert into quotes values ('It's hot in Memphis!);

As you can see, your string only consists of "It" at this point.

>$emailbody = stripslashes($_POST["body"]);
>$emailbody = stripslashes($emailbody);
>

Well, here's where you're executing stripslashes() twice. See above.

My suggestion is to not try to get your message into a variable that can 
be used in an SQL query and be sent in an email. You want these to use 
two different formats. For the email, leave the single quotes as they 
are; you don't want to see the escaped quotes. For inserting into the 
database, make sure they are escaped with stripslashes().

Happy hacking.

Chris


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Stripslashes help

2002-07-08 Thread Chris Shiflett

Chris (nice name),

Chris Kay wrote:

>A worm of many subjects \\\"The Klez\\\" worm arrives in an e-mail
>

Anytime you see three backslashes in a row, the likely case is the 
addslashes() has been performed twice. For example, the following two 
iterations:

1. "The Klez" -> \"The Klez\"
2. \"The Klez\" -> \\\"The Klez\\\" (the \ is escaped as \\ and the " is 
escaped as \")

If your php.ini specifies that magic quotes are on, then that is likely 
the reason for one execution of stripslashes() that you might be 
overlooking. Otherwise, check your code carefully to ensure that you 
know when data has been escaped. A good habit is to use a strict naming 
convention to help you:

$clean_data=stripslashes($data);

>I have fixed this with stripslashes() but problem I am having is that
>If a ( ' ) is used in the email and I loose what ever is after '
>

When you store this in the database, the single quote terminates the 
literal string:

$data="It's hot in Memphis!";
$sql_statement="insert into quotes values('$data');";

echo $sql_statement;

This will give you:

insert into quotes values ('It's hot in Memphis!);

As you can see, your string only consists of "It" at this point.

>$emailbody = stripslashes($_POST["body"]);
>$emailbody = stripslashes($emailbody);
>

Well, here's where you're executing stripslashes() twice. See above.

My suggestion is to not try to get your message into a variable that can 
be used in an SQL query and be sent in an email. You want these to use 
two different formats. For the email, leave the single quotes as they 
are; you don't want to see the escaped quotes. For inserting into the 
database, make sure they are escaped with stripslashes().

Happy hacking.

Chris


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




RE: [PHP] Stripslashes & addslashes question ...

2002-03-24 Thread Johnson, Kirk

Have you echo'd the variables before the addslashes() call, to be sure that
the stripslashes() call is being executed?

Kirk

> -Original Message-
> From: John Kelly [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, March 23, 2002 12:59 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Stripslashes & addslashes question ...
> 
> 
> Hi, can someone tell me why the following results in 
> evaluated variables
> with 2 slashes in front of apostrophys instead of one and how 
> I can modify
> it to only add 1? Thanks!
> 
> foreach($_POST as $k=>$v){
> if (get_magic_quotes_gpc()){
> $_POST[$k] = stripslashes($v);
> }
> $_POST[$k] = addslashes($v);
> eval( "\$$k = \"$_POST[$k]\";" );
> }

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




RE: [PHP] stripslashes in web forms

2002-03-04 Thread Niklas Lampén

This should do it:





Niklas


-Original Message-
From: Claudiu [mailto:[EMAIL PROTECTED]] 
Sent: 4. maaliskuuta 2002 11:56
To: [EMAIL PROTECTED]
Subject: [PHP] stripslashes in web forms


Here is the ideea.. i have a string variable $test that contains let's
say : 17" Normally the output on the screen of this string would be echo
$test; ---> 17 \

There is this function stripslashes which gives me the oportunity to
output exactly what i want... i mean 17" .. .but this doesnt seem to
work in an input box in a web form... it outputs only 17 and somehow
misses the " ... What is there to do?

Thanks in advance..
Claus



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] StripSlashes() & quotes in text boxes

2002-01-16 Thread Jimmy

Hi Robert,

> administrator to edit the item description. When displayed in a text box the
> description just shows 17.
> The only solution I can find is to swap the quote marks for "
> when storing the item initially

you can use htmlspecialchars() function to convet all the html chars.
The issue is, when do you convert it, either when you want to display
them on browser, or when user INSERT/UPDATE.

I think it's better to convert it only when displaying to the browser.
so in the DB, the data is still stored as it is, because you might
want to display the data somewhere else other than browser, for
example email or printing.

--
Jimmy

All work and no pay makes a housewife.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




RE: [PHP] stripslashes() not striping slashes

2001-10-26 Thread Boaz Yahav

Actually,
After coding with PHP since the days me and bourbon shared a cube at
Netvision while he developed php3 I think that's something I would know
:)

The funny issue is that only if I use double stripslashes does it work.

e.g.

$str = stripslashes($str); // This will NOT do the job.
$str = stripslashes(stripslashes($str)); // This will do the job.

This is the 1st time ever that I bumped into such a thing... any idea
why?
Any chance it has to do with the fact that I'm using  ?

berber

-Original Message-
From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 25, 2001 6:01 PM
To: Boaz Yahav
Cc: PHP General (E-mail)
Subject: Re: [PHP] stripslashes() not striping slashes


> Anyone has an idea why stripslashes(); doesn't strip slashes?
> I have a form that when it's submitted with a ' sign ads slashes to
the
> submit results.
> I'm taking the variable and sending it through stripslashes(); and yet
> the slashes remain.

You are perhaps thinking it does in-place modification of the argument? 
ie. 

  stripslashes($a);
  echo $a;

That's not how it works.  It returns the stripped string.  ie.

  $a = stripslashes($a);
  echo $a;

-Rasmus


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] stripslashes() not striping slashes

2001-10-25 Thread Rasmus Lerdorf

> Anyone has an idea why stripslashes(); doesn't strip slashes?
> I have a form that when it's submitted with a ' sign ads slashes to the
> submit results.
> I'm taking the variable and sending it through stripslashes(); and yet
> the slashes remain.

You are perhaps thinking it does in-place modification of the argument? 
ie. 

  stripslashes($a);
  echo $a;

That's not how it works.  It returns the stripped string.  ie.

  $a = stripslashes($a);
  echo $a;

-Rasmus


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] stripslashes

2001-10-04 Thread Caleb Carvalho

Steve,

Thank you very much,

i will try it now..




Caleb Carvalho
Application Engineer
LoadRunner/APM
-
Enterprise Testing and Performance Management Solutions
-
Mercury Interactive
410 Frimley Business Park
Frimley, Surrey.  GU16 7ST
United Kingdom
Telephone :  +44 (0)1276 808300



>From: "Steve Werby" <[EMAIL PROTECTED]>
>To: "Caleb Carvalho" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>Subject: Re: [PHP] stripslashes
>Date: Thu, 4 Oct 2001 10:47:27 -0400
>
>"Caleb Carvalho" <[EMAIL PROTECTED]> wrote:
> > if i have an array that is fetching the result to be display
> > example,
> > for ($i =1; $i<=sybase_num_rows($result); $i++){
> > $row =sybase_fetch_array($result);
> >
> >   $row[product]
> >   $row[prob_title]
> >   $row[description]$row[solution]
> >
> > where would i put the stripslashes function to get the description?
>
>$var = $row[product] . '' 
>.
>$row[prob_title] .
>'' . stripslashes( $row[description] ) . $row[solution];
>
>--
>Steve Werby
>President, Befriend Internet Services LLC
>http://www.befriend.com/
>
>
>
>


_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] stripslashes

2001-10-04 Thread Steve Werby

"Caleb Carvalho" <[EMAIL PROTECTED]> wrote:
> if i have an array that is fetching the result to be display
> example,
> for ($i =1; $i<=sybase_num_rows($result); $i++){
> $row =sybase_fetch_array($result);
>
>   $row[product]
>   $row[prob_title]
>   $row[description]$row[solution]
>
> where would i put the stripslashes function to get the description?

$var = $row[product] . '' .
$row[prob_title] .
'' . stripslashes( $row[description] ) . $row[solution];

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] Stripslashes question.

2001-09-11 Thread Christian Reiniger

On Monday 10 September 2001 23:57, Sean C. McCarthy wrote:
> Hi,
>
> Didn't help. I tried it before that is why I tried with addcslashes.

Not addcslashes. addslashes. Note the missing "c"

-- 
Christian Reiniger
LGDC Webmaster (http://lgdc.sunsite.dk/)

Nothing is more dangerous than an idea if it's the only one you have.

- Emil-Auguste Chartier, "Propos sur la religion", 1938

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] stripslashes strips too much

2001-09-11 Thread nayco

I 've got the same problem on many scripts using mysql and forms ...
it's hard to handle the " ' " character..
i'd like some advices too !!!



(°-Nayco,
//\[EMAIL PROTECTED]
v_/_ http://nayco.free.fr


- Original Message -
From: Christian Haines <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 11, 2001 9:53 AM
Subject: [PHP] stripslashes strips too much


> hi all,
>
> i am experiencing a bit of a problem with stripslashes stripping too much
> data.
>
> For example:
>
> it will strip abc's -> abc
>
> has anyone else experienced this? is there a solution?
>
> many thanks in advance,
> christian
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] Stripslashes question.

2001-09-10 Thread Sean C. McCarthy

Hi,

Didn't help. I tried it before that is why I tried with addcslashes. 

What I have done so far is :

I have cmp'ed the file before adding slashes and after and it seems that
it is eating up the \. Like Pñ\#as renders as Pñ#as after
stripingslashes but in the DB is Pñ\\#as. As far as I know it should
have converted back from \\ to a single \. By the way I am running
4.0.3pl1 Linux

Thanks.

Sean C. McCarthy
SCI, S.L. (www.sci-spain.com)

Jason Bell wrote:
> 
> try addslashes instead.  You might have better luck.
> 
> - Original Message -
> From: "Sean C. McCarthy" <[EMAIL PROTECTED]>
> To: "PHP General List" <[EMAIL PROTECTED]>
> Sent: Monday, September 10, 2001 2:42 PM
> Subject: [PHP] Stripslashes question.
> 
> > Hi all,
> >
> > What will be the way to convert binary information into a string which
> > will get into an SQL query for MySQL? I tried stripcslashes but I got
> > stucked with it. Any help?
> >
> > Thanks in advance.
> >
> > Sean C. McCarthy
> > SCI, S.L. (www.sci-spain.com)
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >
> >
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] Stripslashes question.

2001-09-10 Thread Alexander Skwar

So sprach »Sean C. McCarthy« am 2001-09-10 um 22:42:51 +0100 :
> Hi all,
> 
> What will be the way to convert binary information into a string which
> will get into an SQL query for MySQL? I tried stripcslashes but I got
> stucked with it. Any help?

Wrong direction :)  addslashes($binary) will enable you to put it in a
SQL query.

Alexander Skwar
-- 
How to quote:   http://learn.to/quote (german) http://quote.6x.to (english)
Homepage:   http://www.digitalprojects.com   |   http://www.iso-top.de
   iso-top.de - Die günstige Art an Linux Distributionen zu kommen
Uptime: 16 hours 41 minutes

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] Stripslashes question.

2001-09-10 Thread Jason Bell

try addslashes instead.  You might have better luck.

- Original Message - 
From: "Sean C. McCarthy" <[EMAIL PROTECTED]>
To: "PHP General List" <[EMAIL PROTECTED]>
Sent: Monday, September 10, 2001 2:42 PM
Subject: [PHP] Stripslashes question.


> Hi all,
> 
> What will be the way to convert binary information into a string which
> will get into an SQL query for MySQL? I tried stripcslashes but I got
> stucked with it. Any help?
> 
> Thanks in advance.
> 
> Sean C. McCarthy
> SCI, S.L. (www.sci-spain.com)
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] stripslashes

2001-09-04 Thread David Robley

On Wed,  5 Sep 2001 11:20, Gary wrote:
> Hi,
>   Could someone give me an example of using stripslashes with echo and

echo stripslashes($variable_to_strip_slashes_from);

> one with .msg in a mail function.

Not quite sure what you mean by this?

-- 
David Robley  Techno-JoaT, Web Maintainer, Mail List Admin, etc
CENTRE FOR INJURY STUDIES  Flinders University, SOUTH AUSTRALIA  

   No sense being pessimistic. It wouldn't work anyway.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] StripSlashes

2001-05-11 Thread Christian Reiniger

On Thursday 10 May 2001 22:11, Sterling wrote:
> H-
>
> I'd like to be able to strip the slashes from all the imported
> HTTP_POST_VARS.
>
> I found the $string = stripslashes($string); command.
>
> But this becomes very tedious if I have 20 vars and I need to code each
> one with its own stripslashes line.

If you set magig_quotes_gpc = off  in your php.ini you don't need the 
stripslashes anymore (just make sure that you use addslashes () on the 
data before inserting it into the database).

> Which I am currently doing in a function.
>
> So I have two situations.
> One:
> function scrub_slashes(){
> $email = stripslashes($email);
> $first_name = stripslashes(first_name);

My method for reading POST data:

/*
 * Get variable  from POST request
 * Automatically strips slashes when needed
 */
function pbGetPOST ($Name)
{
global $HTTP_POST_VARS;

if (isset ($HTTP_POST_VARS[$Name])) {
if (get_magic_quotes_gpc () &&
is_string ($HTTP_POST_VARS[$Name]))
return stripslashes ($HTTP_POST_VARS[$Name]);
else
return $HTTP_POST_VARS[$Name];
}
else
{
return "";
}
}


function GetFormData ()
{
   $email = pbGetPOST ('email');
   $first_name = pbGetPOST ('first_name');
...
}


> I'm not sure if I'm doing this function correctly. From what I
> understand I think I need to pass each variable to the function; which
> would negate the speedyness of my typing which is what I'm going for
> anyway.
> function scrub_slashes($email, $first_name, etc){ CODE }
>
> and it'd be called like so $scrub_error = scrub_slashes($email,
> $first_name, etc)

Hmm, I think someone else answered that already. But another thing I miss 
in your code is the use of 'global' (See 
http://php.net/manual/en/language.variables.scope.php)

-- 
Christian Reiniger
LGDC Webmaster (http://sunsite.dk/lgdc/)

CPU not found. retry, abort, ignore?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




RE: [PHP] StripSlashes

2001-05-10 Thread Don Read


On 10-May-01 Sterling wrote:
> H-
> 
> I'd like to be able to strip the slashes from all the imported
> HTTP_POST_VARS. 
> 
> I found the $string = stripslashes($string); command. 
> 
> But this becomes very tedious if I have 20 vars and I need to code each
> one with its own stripslashes line. 



not tested, but try something like:

while (list ($k, $v) =each ($HTTP_POST_VARS)) {
   $$k=stripslashes($v);
}

Regards,
-- 
Don Read   [EMAIL PROTECTED]
-- It's always darkest before the dawn. So if you are going to 
   steal the neighbor's newspaper, that's the time to do it.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




RE: [PHP] StripSlashes

2001-05-10 Thread Altunergil, Oktay

You can make the variables into a class and have the object call the same
function with all its variables.
Or turn magic quotes GPC on (and remove the addslashes() calls)

Oktay Altunergil

-Original Message-
From: Sterling [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 10, 2001 4:12 PM
To: PHP List
Subject: [PHP] StripSlashes


H-

I'd like to be able to strip the slashes from all the imported
HTTP_POST_VARS. 

I found the $string = stripslashes($string); command. 

But this becomes very tedious if I have 20 vars and I need to code each
one with its own stripslashes line. 
Which I am currently doing in a function. 

So I have two situations. 
One: 
function scrub_slashes(){
$email = stripslashes($email);
$first_name = stripslashes(first_name);
$last_name = stripslashes($last_name);
$street1 = stripslashes($street1);
$street2 = stripslashes($street2);
$city = stripslashes($city);
$zipcode = stripslashes($zipcode);
} 

I'm not sure if I'm doing this function correctly. From what I
understand I think I need to pass each variable to the function; which
would negate the speedyness of my typing which is what I'm going for
anyway. 
function scrub_slashes($email, $first_name, etc){ CODE }

and it'd be called like so $scrub_error = scrub_slashes($email,
$first_name, etc) 
I might as well copy paste the $email stripslashes($email); $first_name
= stripslashes($first_name);
in any location that it's needed. It might seem lazy but I really don't
see why I need to dupe the code when I could put it into a function.

Second situation:
Is there a better way to pass all the variables into the function
without typing out each one that's gonna be used in the function? 
Am I even using the function correctly? 
Am I confusing anyone? 

Thanks for any info or advice any can provide. 

Thoughts, Comments, Anecdotes? 
-Sterling

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




RE: [PHP] stripslashes() equivalent when magic_quotes_sybase = on?

2001-04-19 Thread Johnson, Kirk

You know, I tried this before sending my email, and it didn't work as you
describe. And yes, then I re-checked my .htaccess file, and yes, I had
"sybase" turned off. Doh!

Kirk

> -Original Message-
> From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]]
> 
> stripslashes() sees the magic_quotes_sybase setting and behaves
> accordingly.
> 
> -Rasmus
> 
> On Wed, 18 Apr 2001, Johnson, Kirk wrote:
> 
> > With magic_quotes_sybase = on, a single quote in 
> Get/Post/Cookie data gets
> > escaped with another single quote. Is there a function analagous to
> > stripslashes that will strip off the escaping quote?
> >
> > TIA
> >
> > Kirk
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] stripslashes() equivalent when magic_quotes_sybase = on?

2001-04-18 Thread Rasmus Lerdorf

stripslashes() sees the magic_quotes_sybase setting and behaves
accordingly.

-Rasmus

On Wed, 18 Apr 2001, Johnson, Kirk wrote:

> With magic_quotes_sybase = on, a single quote in Get/Post/Cookie data gets
> escaped with another single quote. Is there a function analagous to
> stripslashes that will strip off the escaping quote?
>
> TIA
>
> Kirk
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]