What are these magic quotes anyways?. What are they used for? escaping?
Regards,
Ravi.
On Tue, Nov 16, 2010 at 11:44 PM, Adam Richardson simples...@gmail.comwrote:
On Tue, Nov 16, 2010 at 10:10 PM, Gary gp...@paulgdesigns.com wrote:
I was doing a test of stripslashes on a $_POST, when I
From: Ravi Gehlot
What are these magic quotes anyways?. What are they used for?
escaping?
I wasn't there at the time, but I gather that the general idea was to
automagically insert escape characters into data submitted from a form.
However, they used a backslash as the escape character, which
On Wed, Dec 22, 2010 at 3:34 PM, Bob McConnell r...@cbord.com wrote:
From: Ravi Gehlot
What are these magic quotes anyways?. What are they used for?
escaping?
I wasn't there at the time, but I gather that the general idea was to
automagically insert escape characters into data submitted
stripslashes() is rife with gaping security holes. For mysql
insertion rely on mysql_real_escape_string() or alternatively, you can
use prepared statements.
For outputting data on the page you should ideally be using
htmlspecialchars($var, ENT_QUOTES);
cheers,
Russ
On Thu, Dec 23, 2010 at 6:48
On Wed, Dec 22, 2010 at 4:21 PM, Russell Dias rus...@gmail.com wrote:
stripslashes() is rife with gaping security holes. For mysql
insertion rely on mysql_real_escape_string() or alternatively, you can
use prepared statements.
For outputting data on the page you should ideally be using
-Original Message-
From: Gary [mailto:gp...@paulgdesigns.com]
Sent: Wednesday, November 17, 2010 2:17 PM
To: php-general@lists.php.net
Subject: Re: [PHP] Stripslashes
snip
I also assume that until php 6 is out and or I upgrade to it, I will have
to
deal with magic_quotes
Adam Richardson simples...@gmail.com wrote in message
news:aanlktin_9_tfe9q+dc2hoynsavccoyuecudkqd919...@mail.gmail.com...
On Tue, Nov 16, 2010 at 10:10 PM, Gary gp...@paulgdesigns.com wrote:
I was doing a test of stripslashes on a $_POST, when I recieved the
email,
all of the slashes were
Adam
Thanks for your reply. So if I disable magic_quotes, and I assume I can do
that a script, then the stripslashes would work as the manuel said it
would,
meaning
G\\a//r\y\\ becomes G\a//r'y\
I also assume that until php 6 is out and or I upgrade to it, I will have
to
deal with
On Tue, Nov 16, 2010 at 10:10 PM, Gary gp...@paulgdesigns.com wrote:
I was doing a test of stripslashes on a $_POST, when I recieved the email,
all of the slashes were still in the data posted.
I used :
$fname = stripslashes($_POST['fname']);
I input G\\a//r\y\\, and was expecting,
On Sun, Oct 24, 2010 at 6:29 PM, Gary gp...@paulgdesigns.com wrote:
In my form processing scripts, I usually have the variable set as so:
$email = stripslashes($_POST['email']);
I have discovered that the program that I use has a pre-written function of
this:
// remove escape characters
-
Thanks
-Original Message-
From: Larry Garfield [mailto:[EMAIL PROTECTED]
Sent: January 15, 2007 12:02 AM
To: Beauford; PHP-General
Subject: Re: [PHP] Stripslashes
Copying this back on list where it belongs...
If the apache process on the server is configured to support
On 1/14/07, Beauford [EMAIL PROTECTED] wrote:
I guess I'm just doing something wrong, 'cause that doesn't work either -
nor do the hundreds of other snippets I've used.
Here's the scenario. I have a form - after they submit the form it shows
what they have entered, this is where I get the \.
On 1/15/07, Beauford [EMAIL PROTECTED] wrote:
I'm familiar with the .htaccess file and I am told by the hosting company
that apache is set up to use it, I've just never used it much - especially
for PHP. If this works I'd even like to set an includes file for PHP. Here
is the file.
#
the user has input invalid data.
All this is being done on the same page.
-Original Message-
From: Jim Lucas [mailto:[EMAIL PROTECTED]
Sent: January 14, 2007 1:02 AM
To: Beauford
Cc: PHP
Subject: Re: [PHP] Stripslashes
Beauford wrote:
Hi,
Anyone know how I can strip slashes
I just turned off get_magic_quotes in my PHP.ini, but not sure if the
hosting company has it on or not once I upload the site.
-Original Message-
From: Beauford [mailto:[EMAIL PROTECTED]
Sent: January 14, 2007 11:34 AM
To: 'PHP'
Subject: RE: [PHP] Stripslashes
I guess I'm
Beauford wrote:
I just turned off get_magic_quotes in my PHP.ini, but not sure if the
hosting company has it on or not once I upload the site.
-Original Message-
From: Beauford [mailto:[EMAIL PROTECTED]
Sent: January 14, 2007 11:34 AM
To: 'PHP'
Subject: RE: [PHP] Stripslashes
, Beauford wrote:
I just turned off get_magic_quotes in my PHP.ini, but not sure if the
hosting company has it on or not once I upload the site.
-Original Message-
From: Beauford [mailto:[EMAIL PROTECTED]
Sent: January 14, 2007 11:34 AM
To: 'PHP'
Subject: RE: [PHP] Stripslashes
I
: Beauford [mailto:[EMAIL PROTECTED]
Sent: January 14, 2007 11:34 AM
To: 'PHP'
Subject: RE: [PHP] Stripslashes
I guess I'm just doing something wrong, 'cause that doesn't
work either - nor do the hundreds of other snippets I've used.
Here's the scenario. I have a form - after they submit the
form
-Original Message-
From: Larry Garfield [mailto:[EMAIL PROTECTED]
Sent: January 14, 2007 4:39 PM
To: php-general@lists.php.net
Subject: Re: [PHP] Stripslashes
On a real web host, they'll let you have a .htaccess file where you
can disable them like so:
php_value
Beauford wrote:
Hi,
Anyone know how I can strip slashes from $_POST variables. I have tried
about a hundred different ways of doing this and nothing works.
i.e.
if(!empty($_POST)){
foreach($_POST as $x = $y){
$_POST[$x] = stripslashes($y);
}
}
This came about after someone tried to enter
On Sunday 14 January 2007 12:01 am, Jim Lucas wrote:
This is what I use, and it has worked ever time.
if ( get_magic_quotes_gpc() ) {
$_POST = array_map(stripslashes, $_POST);
}
Jim Lucas
That will break as soon as you submit an array back through a POST request,
which I do rather
Larry Garfield wrote:
On Sunday 14 January 2007 12:01 am, Jim Lucas wrote:
This is what I use, and it has worked ever time.
if ( get_magic_quotes_gpc() ) {
$_POST = array_map(stripslashes, $_POST);
}
Jim Lucas
That will break as soon as you submit an array back through a POST
On Mon, 12 Jul 2004 20:45:12 +0200, Jordi Canals [EMAIL PROTECTED] wrote:
Hi,
I usually stripslashes() when I read the info from the database (MySQL).
Because the information was inserted after adding slashes, or the
system has magic_quotes_gpc set to ON.
I'd like to know, if I can do
I usually stripslashes() when I read the info from the database (MySQL).
Because the information was inserted after adding slashes, or the
system has magic_quotes_gpc set to ON.
I'd like to know, if I can do stripslashes() directly, as it is suposed
that all data was inserted into
Jordi Canals wrote:
I usually stripslashes() when I read the info from the database (MySQL).
Because the information was inserted after adding slashes, or the
system has magic_quotes_gpc set to ON.
I remember being taught this lesson long ago. :)
You do not need to strip slashes from the data
Philip Olson wrote:
I usually stripslashes() when I read the info from the database (MySQL).
Because the information was inserted after adding slashes, or the
system has magic_quotes_gpc set to ON.
To add further comment. If you're required to run stripslashes() on
data coming out of your
I need to stripslashes() practically every $value as I pass data from
one
submit to another.
L\'apprentissage d\'une langue ...
Instead of doing it to every $value, someone showed me once something
I
could add something to the beginning of my script. It was some type of
code on a
You could write a function like
strippostslashes()
that is called on everypage that access the $_POST or $_GET variables...
--
Ray
On Sat, 2003-03-08 at 23:29, John Taylor-Johnston wrote:
I need to stripslashes() practically every $value as I pass data from one submit to
another.
Try this (untestted):
if(get_magic_quotes_gpc()){
foreach($_REQUEST as $vname = $value){
$$vname = stripslashes($vname);
}
}
John Taylor-Johnston wrote:
I need to stripslashes() practically every $value as I pass data from one submit to another.
L\'apprentissage d\'une langue ...
At 01:48 02.03.2003, Dade Register said:
[snip]
I know this is probably an easy question, but I am
using stripslashes() on a textarea var, and I don't
think it's working. It doesn't error, but in the
testarea it doesn't seem to work. Ex:
$var = Thank's;
Well, only diff is it's a POST from a textarea. With
magicquotes on, you're right, it makes Thank's
become Thank\'s. how can I get rid of that? I'm
posting it to a text file.
-Dade
--- Ernest E Vogelsinger [EMAIL PROTECTED]
wrote:
At 01:48 02.03.2003, Dade Register said:
At 02:05 02.03.2003, Dade Register said:
[snip]
Well, only diff is it's a POST from a textarea. With
magicquotes on, you're right, it makes Thank's
become Thank\'s. how can I get rid of that? I'm
posting it to a text file.
I know I am doing the exact thing you are If you
or someone else doesn't mind, could you look @
http://dragonz-cavern.mine.nu/poems.phps and see what
I'm doing wrong? I am trying to parse it before it
gets stored in my txt file. plz help. I'd really
appreciate it.
-Dade
--- Ernest E
At 03:37 02.03.2003, Dade Register said:
[snip]
I know I am doing the exact thing you are If you
or someone else doesn't mind, could you look @
http://dragonz-cavern.mine.nu/poems.phps and see what
I'm doing wrong? I am trying to parse it before it
gets
Thanx a lot for your help.
It adds to the .dat file. it's not fgets().
Dade [EMAIL PROTECTED]'s
That's from the dat file. any other ideas?
-Dade
--- Ernest E Vogelsinger [EMAIL PROTECTED]
wrote:
At 03:37 02.03.2003, Dade Register said:
[snip]
I know I
At 04:03 02.03.2003, Dade Register said:
[snip]
Thanx a lot for your help.
It adds to the .dat file. it's not fgets().
Dade [EMAIL PROTECTED]'s
That's from the dat file. any other ideas?
[snip]
add this line
On Wed, 8 Jan 2003, Gerard Samuel wrote:
a href=\http://www.apache.org/\; target=\_blank\
When trying to apply stripslashes, the slashes remained. So I applied
str_replace('\', '', $var) and that worked.
Any idea as to why stripslashes would not remove the slashes in the string?
I figured out the problem. magic_quotes_sybase was turned on, on the
IIS box.
All is well with stripslashes() again.
Chris Wesley wrote:
On Wed, 8 Jan 2003, Gerard Samuel wrote:
a href=\http://www.apache.org/\; target=\_blank\
When trying to apply stripslashes, the slashes remained. So I
On Sunday 24 November 2002 20:30, Cookra wrote:
Hi all is it possible to stripslahes from this query?
$results = mysql_query(SELECT * FROM $DB_Table_A ORDER BY name ASC LIMIT
$page, $limit);
while ($data = (mysql_fetch_array($results)))
{
//-- something here would be nice
}
Usually,
I use the following php code to build a dynamic table retrieving values
from
a MySQL databases that have been inserted with slashes added -
echo td width='100'input name='descr' type='text' size='45'
maxlength='20' readonly value='.StripSlashes(mysql_result($badgedetails,
$i,
John,
Thank you for your reply. My magic_quotes_runtime is set to 'Off'. As you
said, I shouldn't have to use StripSlashes but would I still need to use
AddSlashes when inserting/updating? I can see the slashes in the database
when I look at the tables but I am fairly sure that I do not add
-mail) [EMAIL PROTECTED]
Sent: Friday, August 02, 2002 6:37 AM
Subject: RE: [PHP] StripSlashes Problem
John,
Thank you for your reply. My magic_quotes_runtime is set to 'Off'. As you
said, I shouldn't have to use StripSlashes but would I still need to use
AddSlashes when inserting/updating? I
I would suggest you rather do the following ( over and above the
htmlentities as already suggested )
In stead of doing
echo html with single='quotes';
to rather
echo 'html with double=quotes';
The reason is; there is a difference between echo 'stuff' ; and echo
stuff;
The first (single
John,
Thank you. This solves the problem.
Petre,
Thank you for your reply. I wasn't aware of the difference and will bear
this in mind.
This e-mail is intended for the recipient only and
may contain confidential information. If you are
Chris (nice name),
Chris Kay wrote:
A worm of many subjects \\\The Klez\\\ worm arrives in an e-mail
Anytime you see three backslashes in a row, the likely case is the
addslashes() has been performed twice. For example, the following two
iterations:
1. The Klez - \The Klez\
2. \The Klez\ -
()
twice...
-Original Message-
From: Chris Shiflett [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 09, 2002 1:54 PM
To: Chris Kay
Cc: PHP General List
Subject: Re: [PHP] Stripslashes help
Chris (nice name),
Chris Kay wrote:
A worm of many subjects \\\The Klez\\\ worm arrives in an e-mail
Martin Towell wrote:
Chris S - I think you're confusing stripslashes w/ addslashes, but
everything else I'm an agreement w/.
You're absolutely right. *blush*
Chris K - Ignore my last paragraph, and everything else should make at
least partial sense. :-)
Ignore this:
Well, here's where
Have you echo'd the variables before the addslashes() call, to be sure that
the stripslashes() call is being executed?
Kirk
-Original Message-
From: John Kelly [mailto:[EMAIL PROTECTED]]
Sent: Saturday, March 23, 2002 12:59 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Stripslashes
This should do it:
?
$test = 17\ blah;
$test = stripslashes($test);
?
input type=text name=test value=?=htmlspecialchars($test)?
Niklas
-Original Message-
From: Claudiu [mailto:[EMAIL PROTECTED]]
Sent: 4. maaliskuuta 2002 11:56
To: [EMAIL PROTECTED]
Subject: [PHP] stripslashes in
Hi Robert,
administrator to edit the item description. When displayed in a text box the
description just shows 17.
The only solution I can find is to swap the quote marks for quot;
when storing the item initially
you can use htmlspecialchars() function to convet all the html chars.
The
: Thursday, October 25, 2001 6:01 PM
To: Boaz Yahav
Cc: PHP General (E-mail)
Subject: Re: [PHP] stripslashes() not striping slashes
Anyone has an idea why stripslashes(); doesn't strip slashes?
I have a form that when it's submitted with a ' sign ads slashes to
the
submit results.
I'm taking
Anyone has an idea why stripslashes(); doesn't strip slashes?
I have a form that when it's submitted with a ' sign ads slashes to the
submit results.
I'm taking the variable and sending it through stripslashes(); and yet
the slashes remain.
You are perhaps thinking it does in-place
Caleb Carvalho [EMAIL PROTECTED] wrote:
if i have an array that is fetching the result to be display
example,
for ($i =1; $i=sybase_num_rows($result); $i++){
$row =sybase_fetch_array($result);
$row[product]
a href=solution.php?id=$row[prob_title]$row[prob_title]/a
-
Mercury Interactive
410 Frimley Business Park
Frimley, Surrey. GU16 7ST
United Kingdom
Telephone : +44 (0)1276 808300
From: Steve Werby [EMAIL PROTECTED]
To: Caleb Carvalho [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [PHP] stripslashes
Date: Thu
I 've got the same problem on many scripts using mysql and forms ...
it's hard to handle the ' character..
i'd like some advices too !!!
(°-Nayco,
//\[EMAIL PROTECTED]
v_/_ http://nayco.free.fr
- Original Message -
From: Christian Haines [EMAIL
try addslashes instead. You might have better luck.
- Original Message -
From: Sean C. McCarthy [EMAIL PROTECTED]
To: PHP General List [EMAIL PROTECTED]
Sent: Monday, September 10, 2001 2:42 PM
Subject: [PHP] Stripslashes question.
Hi all,
What will be the way to convert binary
So sprach »Sean C. McCarthy« am 2001-09-10 um 22:42:51 +0100 :
Hi all,
What will be the way to convert binary information into a string which
will get into an SQL query for MySQL? I tried stripcslashes but I got
stucked with it. Any help?
Wrong direction :) addslashes($binary) will enable
Hi,
Didn't help. I tried it before that is why I tried with addcslashes.
What I have done so far is :
I have cmp'ed the file before adding slashes and after and it seems that
it is eating up the \. Like Pñ\#as renders as Pñ#as after
stripingslashes but in the DB is Pñ\\#as. As far as I know
On Wed, 5 Sep 2001 11:20, Gary wrote:
Hi,
Could someone give me an example of using stripslashes with echo and
echo stripslashes($variable_to_strip_slashes_from);
one with .msg in a mail function.
Not quite sure what you mean by this?
--
David Robley Techno-JoaT, Web Maintainer,
On Thursday 10 May 2001 22:11, Sterling wrote:
H-
I'd like to be able to strip the slashes from all the imported
HTTP_POST_VARS.
I found the $string = stripslashes($string); command.
But this becomes very tedious if I have 20 vars and I need to code each
one with its own stripslashes
You can make the variables into a class and have the object call the same
function with all its variables.
Or turn magic quotes GPC on (and remove the addslashes() calls)
Oktay Altunergil
-Original Message-
From: Sterling [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 10, 2001 4:12 PM
On 10-May-01 Sterling wrote:
H-
I'd like to be able to strip the slashes from all the imported
HTTP_POST_VARS.
I found the $string = stripslashes($string); command.
But this becomes very tedious if I have 20 vars and I need to code each
one with its own stripslashes line.
snip
You know, I tried this before sending my email, and it didn't work as you
describe. And yes, then I re-checked my .htaccess file, and yes, I had
"sybase" turned off. Doh!
Kirk
-Original Message-
From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]]
stripslashes() sees the
stripslashes() sees the magic_quotes_sybase setting and behaves
accordingly.
-Rasmus
On Wed, 18 Apr 2001, Johnson, Kirk wrote:
With magic_quotes_sybase = on, a single quote in Get/Post/Cookie data gets
escaped with another single quote. Is there a function analagous to
stripslashes that
64 matches
Mail list logo