Re: [PHP] Stripslashes

2010-12-22 Thread Ravi Gehlot
What are these magic quotes anyways?. What are they used for? escaping? Regards, Ravi. On Tue, Nov 16, 2010 at 11:44 PM, Adam Richardson simples...@gmail.comwrote: On Tue, Nov 16, 2010 at 10:10 PM, Gary gp...@paulgdesigns.com wrote: I was doing a test of stripslashes on a $_POST, when I

RE: [PHP] Stripslashes

2010-12-22 Thread Bob McConnell
From: Ravi Gehlot What are these magic quotes anyways?. What are they used for? escaping? I wasn't there at the time, but I gather that the general idea was to automagically insert escape characters into data submitted from a form. However, they used a backslash as the escape character, which

Re: [PHP] Stripslashes

2010-12-22 Thread Ravi Gehlot
On Wed, Dec 22, 2010 at 3:34 PM, Bob McConnell r...@cbord.com wrote: From: Ravi Gehlot What are these magic quotes anyways?. What are they used for? escaping? I wasn't there at the time, but I gather that the general idea was to automagically insert escape characters into data submitted

Re: [PHP] Stripslashes

2010-12-22 Thread Russell Dias
stripslashes() is rife with gaping security holes. For mysql insertion rely on mysql_real_escape_string() or alternatively, you can use prepared statements. For outputting data on the page you should ideally be using htmlspecialchars($var, ENT_QUOTES); cheers, Russ On Thu, Dec 23, 2010 at 6:48

Re: [PHP] Stripslashes

2010-12-22 Thread Ravi Gehlot
On Wed, Dec 22, 2010 at 4:21 PM, Russell Dias rus...@gmail.com wrote: stripslashes() is rife with gaping security holes. For mysql insertion rely on mysql_real_escape_string() or alternatively, you can use prepared statements. For outputting data on the page you should ideally be using

RE: [PHP] Stripslashes

2010-11-18 Thread Tommy Pham
-Original Message- From: Gary [mailto:gp...@paulgdesigns.com] Sent: Wednesday, November 17, 2010 2:17 PM To: php-general@lists.php.net Subject: Re: [PHP] Stripslashes snip I also assume that until php 6 is out and or I upgrade to it, I will have to deal with magic_quotes

Re: [PHP] Stripslashes

2010-11-17 Thread Gary
Adam Richardson simples...@gmail.com wrote in message news:aanlktin_9_tfe9q+dc2hoynsavccoyuecudkqd919...@mail.gmail.com... On Tue, Nov 16, 2010 at 10:10 PM, Gary gp...@paulgdesigns.com wrote: I was doing a test of stripslashes on a $_POST, when I recieved the email, all of the slashes were

Re: [PHP] Stripslashes

2010-11-17 Thread Adam Richardson
Adam Thanks for your reply. So if I disable magic_quotes, and I assume I can do that a script, then the stripslashes would work as the manuel said it would, meaning G\\a//r\y\\ becomes G\a//r'y\ I also assume that until php 6 is out and or I upgrade to it, I will have to deal with

Re: [PHP] Stripslashes

2010-11-16 Thread Adam Richardson
On Tue, Nov 16, 2010 at 10:10 PM, Gary gp...@paulgdesigns.com wrote: I was doing a test of stripslashes on a $_POST, when I recieved the email, all of the slashes were still in the data posted. I used : $fname = stripslashes($_POST['fname']); I input G\\a//r\y\\, and was expecting,

Re: [PHP] Stripslashes redundancy question.

2010-10-24 Thread Adam Richardson
On Sun, Oct 24, 2010 at 6:29 PM, Gary gp...@paulgdesigns.com wrote: In my form processing scripts, I usually have the variable set as so: $email = stripslashes($_POST['email']); I have discovered that the program that I use has a pre-written function of this: // remove escape characters

RE: [PHP] Stripslashes

2007-01-15 Thread Beauford
- Thanks -Original Message- From: Larry Garfield [mailto:[EMAIL PROTECTED] Sent: January 15, 2007 12:02 AM To: Beauford; PHP-General Subject: Re: [PHP] Stripslashes Copying this back on list where it belongs... If the apache process on the server is configured to support

Re: [PHP] Stripslashes

2007-01-15 Thread Curt Zirzow
On 1/14/07, Beauford [EMAIL PROTECTED] wrote: I guess I'm just doing something wrong, 'cause that doesn't work either - nor do the hundreds of other snippets I've used. Here's the scenario. I have a form - after they submit the form it shows what they have entered, this is where I get the \.

Re: [PHP] Stripslashes

2007-01-15 Thread Curt Zirzow
On 1/15/07, Beauford [EMAIL PROTECTED] wrote: I'm familiar with the .htaccess file and I am told by the hosting company that apache is set up to use it, I've just never used it much - especially for PHP. If this works I'd even like to set an includes file for PHP. Here is the file. #

RE: [PHP] Stripslashes

2007-01-14 Thread Beauford
the user has input invalid data. All this is being done on the same page. -Original Message- From: Jim Lucas [mailto:[EMAIL PROTECTED] Sent: January 14, 2007 1:02 AM To: Beauford Cc: PHP Subject: Re: [PHP] Stripslashes Beauford wrote: Hi, Anyone know how I can strip slashes

RE: [PHP] Stripslashes

2007-01-14 Thread Beauford
I just turned off get_magic_quotes in my PHP.ini, but not sure if the hosting company has it on or not once I upload the site. -Original Message- From: Beauford [mailto:[EMAIL PROTECTED] Sent: January 14, 2007 11:34 AM To: 'PHP' Subject: RE: [PHP] Stripslashes I guess I'm

Re: [PHP] Stripslashes

2007-01-14 Thread Jim Lucas
Beauford wrote: I just turned off get_magic_quotes in my PHP.ini, but not sure if the hosting company has it on or not once I upload the site. -Original Message- From: Beauford [mailto:[EMAIL PROTECTED] Sent: January 14, 2007 11:34 AM To: 'PHP' Subject: RE: [PHP] Stripslashes

Re: [PHP] Stripslashes

2007-01-14 Thread Larry Garfield
, Beauford wrote: I just turned off get_magic_quotes in my PHP.ini, but not sure if the hosting company has it on or not once I upload the site. -Original Message- From: Beauford [mailto:[EMAIL PROTECTED] Sent: January 14, 2007 11:34 AM To: 'PHP' Subject: RE: [PHP] Stripslashes I

Re: [PHP] Stripslashes

2007-01-14 Thread Jim Lucas
: Beauford [mailto:[EMAIL PROTECTED] Sent: January 14, 2007 11:34 AM To: 'PHP' Subject: RE: [PHP] Stripslashes I guess I'm just doing something wrong, 'cause that doesn't work either - nor do the hundreds of other snippets I've used. Here's the scenario. I have a form - after they submit the form

Re: [PHP] Stripslashes

2007-01-14 Thread Larry Garfield
-Original Message- From: Larry Garfield [mailto:[EMAIL PROTECTED] Sent: January 14, 2007 4:39 PM To: php-general@lists.php.net Subject: Re: [PHP] Stripslashes On a real web host, they'll let you have a .htaccess file where you can disable them like so: php_value

Re: [PHP] Stripslashes

2007-01-13 Thread Jim Lucas
Beauford wrote: Hi, Anyone know how I can strip slashes from $_POST variables. I have tried about a hundred different ways of doing this and nothing works. i.e. if(!empty($_POST)){ foreach($_POST as $x = $y){ $_POST[$x] = stripslashes($y); } } This came about after someone tried to enter

Re: [PHP] Stripslashes

2007-01-13 Thread Larry Garfield
On Sunday 14 January 2007 12:01 am, Jim Lucas wrote: This is what I use, and it has worked ever time. if ( get_magic_quotes_gpc() ) { $_POST = array_map(stripslashes, $_POST); } Jim Lucas That will break as soon as you submit an array back through a POST request, which I do rather

Re: [PHP] Stripslashes

2007-01-13 Thread Jim Lucas
Larry Garfield wrote: On Sunday 14 January 2007 12:01 am, Jim Lucas wrote: This is what I use, and it has worked ever time. if ( get_magic_quotes_gpc() ) { $_POST = array_map(stripslashes, $_POST); } Jim Lucas That will break as soon as you submit an array back through a POST

Re: [PHP] stripslashes() when reading from the DB

2004-07-12 Thread Justin Patrin
On Mon, 12 Jul 2004 20:45:12 +0200, Jordi Canals [EMAIL PROTECTED] wrote: Hi, I usually stripslashes() when I read the info from the database (MySQL). Because the information was inserted after adding slashes, or the system has magic_quotes_gpc set to ON. I'd like to know, if I can do

Re: [PHP] stripslashes() when reading from the DB

2004-07-12 Thread Philip Olson
I usually stripslashes() when I read the info from the database (MySQL). Because the information was inserted after adding slashes, or the system has magic_quotes_gpc set to ON. I'd like to know, if I can do stripslashes() directly, as it is suposed that all data was inserted into

Re: [PHP] stripslashes() when reading from the DB

2004-07-12 Thread John W. Holmes
Jordi Canals wrote: I usually stripslashes() when I read the info from the database (MySQL). Because the information was inserted after adding slashes, or the system has magic_quotes_gpc set to ON. I remember being taught this lesson long ago. :) You do not need to strip slashes from the data

Re: [PHP] stripslashes() when reading from the DB

2004-07-12 Thread Jordi Canals
Philip Olson wrote: I usually stripslashes() when I read the info from the database (MySQL). Because the information was inserted after adding slashes, or the system has magic_quotes_gpc set to ON. To add further comment. If you're required to run stripslashes() on data coming out of your

RE: [PHP] stripslashes()

2003-03-09 Thread John W. Holmes
I need to stripslashes() practically every $value as I pass data from one submit to another. L\'apprentissage d\'une langue ... Instead of doing it to every $value, someone showed me once something I could add something to the beginning of my script. It was some type of code on a

Re: [PHP] stripslashes()

2003-03-08 Thread Ray Hunter
You could write a function like strippostslashes() that is called on everypage that access the $_POST or $_GET variables... -- Ray On Sat, 2003-03-08 at 23:29, John Taylor-Johnston wrote: I need to stripslashes() practically every $value as I pass data from one submit to another.

Re: [PHP] stripslashes()

2003-03-08 Thread Leif K-Brooks
Try this (untestted): if(get_magic_quotes_gpc()){ foreach($_REQUEST as $vname = $value){ $$vname = stripslashes($vname); } } John Taylor-Johnston wrote: I need to stripslashes() practically every $value as I pass data from one submit to another. L\'apprentissage d\'une langue ...

Re: [PHP] stripslashes()

2003-03-01 Thread Ernest E Vogelsinger
At 01:48 02.03.2003, Dade Register said: [snip] I know this is probably an easy question, but I am using stripslashes() on a textarea var, and I don't think it's working. It doesn't error, but in the testarea it doesn't seem to work. Ex: $var = Thank's;

Re: [PHP] stripslashes()

2003-03-01 Thread Dade Register
Well, only diff is it's a POST from a textarea. With magicquotes on, you're right, it makes Thank's become Thank\'s. how can I get rid of that? I'm posting it to a text file. -Dade --- Ernest E Vogelsinger [EMAIL PROTECTED] wrote: At 01:48 02.03.2003, Dade Register said:

Re: [PHP] stripslashes()

2003-03-01 Thread Ernest E Vogelsinger
At 02:05 02.03.2003, Dade Register said: [snip] Well, only diff is it's a POST from a textarea. With magicquotes on, you're right, it makes Thank's become Thank\'s. how can I get rid of that? I'm posting it to a text file.

Re: [PHP] stripslashes()

2003-03-01 Thread Dade Register
I know I am doing the exact thing you are If you or someone else doesn't mind, could you look @ http://dragonz-cavern.mine.nu/poems.phps and see what I'm doing wrong? I am trying to parse it before it gets stored in my txt file. plz help. I'd really appreciate it. -Dade --- Ernest E

Re: [PHP] stripslashes()

2003-03-01 Thread Ernest E Vogelsinger
At 03:37 02.03.2003, Dade Register said: [snip] I know I am doing the exact thing you are If you or someone else doesn't mind, could you look @ http://dragonz-cavern.mine.nu/poems.phps and see what I'm doing wrong? I am trying to parse it before it gets

Re: [PHP] stripslashes()

2003-03-01 Thread Dade Register
Thanx a lot for your help. It adds to the .dat file. it's not fgets(). Dade [EMAIL PROTECTED]'s That's from the dat file. any other ideas? -Dade --- Ernest E Vogelsinger [EMAIL PROTECTED] wrote: At 03:37 02.03.2003, Dade Register said: [snip] I know I

Re: [PHP] stripslashes()

2003-03-01 Thread Ernest E Vogelsinger
At 04:03 02.03.2003, Dade Register said: [snip] Thanx a lot for your help. It adds to the .dat file. it's not fgets(). Dade [EMAIL PROTECTED]'s That's from the dat file. any other ideas? [snip] add this line

Re: [PHP] stripslashes and quoted material

2003-01-08 Thread Chris Wesley
On Wed, 8 Jan 2003, Gerard Samuel wrote: a href=\http://www.apache.org/\; target=\_blank\ When trying to apply stripslashes, the slashes remained. So I applied str_replace('\', '', $var) and that worked. Any idea as to why stripslashes would not remove the slashes in the string?

Re: [PHP] stripslashes and quoted material

2003-01-08 Thread Gerard Samuel
I figured out the problem. magic_quotes_sybase was turned on, on the IIS box. All is well with stripslashes() again. Chris Wesley wrote: On Wed, 8 Jan 2003, Gerard Samuel wrote: a href=\http://www.apache.org/\; target=\_blank\ When trying to apply stripslashes, the slashes remained. So I

Re: [PHP] Stripslashes through an array.........

2002-11-24 Thread Jason Wong
On Sunday 24 November 2002 20:30, Cookra wrote: Hi all is it possible to stripslahes from this query? $results = mysql_query(SELECT * FROM $DB_Table_A ORDER BY name ASC LIMIT $page, $limit); while ($data = (mysql_fetch_array($results))) { //-- something here would be nice } Usually,

Re: [PHP] StripSlashes Problem

2002-08-02 Thread 1LT John W. Holmes
I use the following php code to build a dynamic table retrieving values from a MySQL databases that have been inserted with slashes added - echo td width='100'input name='descr' type='text' size='45' maxlength='20' readonly value='.StripSlashes(mysql_result($badgedetails, $i,

RE: [PHP] StripSlashes Problem

2002-08-02 Thread Mark Colvin
John, Thank you for your reply. My magic_quotes_runtime is set to 'Off'. As you said, I shouldn't have to use StripSlashes but would I still need to use AddSlashes when inserting/updating? I can see the slashes in the database when I look at the tables but I am fairly sure that I do not add

Re: [PHP] StripSlashes Problem

2002-08-02 Thread 1LT John W. Holmes
-mail) [EMAIL PROTECTED] Sent: Friday, August 02, 2002 6:37 AM Subject: RE: [PHP] StripSlashes Problem John, Thank you for your reply. My magic_quotes_runtime is set to 'Off'. As you said, I shouldn't have to use StripSlashes but would I still need to use AddSlashes when inserting/updating? I

Re: [PHP] StripSlashes Problem

2002-08-02 Thread Petre
I would suggest you rather do the following ( over and above the htmlentities as already suggested ) In stead of doing echo html with single='quotes'; to rather echo 'html with double=quotes'; The reason is; there is a difference between echo 'stuff' ; and echo stuff; The first (single

RE: [PHP] StripSlashes Problem

2002-08-02 Thread Mark Colvin
John, Thank you. This solves the problem. Petre, Thank you for your reply. I wasn't aware of the difference and will bear this in mind. This e-mail is intended for the recipient only and may contain confidential information. If you are

Re: [PHP] Stripslashes help

2002-07-08 Thread Chris Shiflett
Chris (nice name), Chris Kay wrote: A worm of many subjects \\\The Klez\\\ worm arrives in an e-mail Anytime you see three backslashes in a row, the likely case is the addslashes() has been performed twice. For example, the following two iterations: 1. The Klez - \The Klez\ 2. \The Klez\ -

RE: [PHP] Stripslashes help

2002-07-08 Thread Martin Towell
() twice... -Original Message- From: Chris Shiflett [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 09, 2002 1:54 PM To: Chris Kay Cc: PHP General List Subject: Re: [PHP] Stripslashes help Chris (nice name), Chris Kay wrote: A worm of many subjects \\\The Klez\\\ worm arrives in an e-mail

Re: [PHP] Stripslashes help

2002-07-08 Thread Chris Shiflett
Martin Towell wrote: Chris S - I think you're confusing stripslashes w/ addslashes, but everything else I'm an agreement w/. You're absolutely right. *blush* Chris K - Ignore my last paragraph, and everything else should make at least partial sense. :-) Ignore this: Well, here's where

RE: [PHP] Stripslashes addslashes question ...

2002-03-24 Thread Johnson, Kirk
Have you echo'd the variables before the addslashes() call, to be sure that the stripslashes() call is being executed? Kirk -Original Message- From: John Kelly [mailto:[EMAIL PROTECTED]] Sent: Saturday, March 23, 2002 12:59 AM To: [EMAIL PROTECTED] Subject: [PHP] Stripslashes

RE: [PHP] stripslashes in web forms

2002-03-04 Thread Niklas Lampén
This should do it: ? $test = 17\ blah; $test = stripslashes($test); ? input type=text name=test value=?=htmlspecialchars($test)? Niklas -Original Message- From: Claudiu [mailto:[EMAIL PROTECTED]] Sent: 4. maaliskuuta 2002 11:56 To: [EMAIL PROTECTED] Subject: [PHP] stripslashes in

Re: [PHP] StripSlashes() quotes in text boxes

2002-01-16 Thread Jimmy
Hi Robert, administrator to edit the item description. When displayed in a text box the description just shows 17. The only solution I can find is to swap the quote marks for quot; when storing the item initially you can use htmlspecialchars() function to convet all the html chars. The

RE: [PHP] stripslashes() not striping slashes

2001-10-26 Thread Boaz Yahav
: Thursday, October 25, 2001 6:01 PM To: Boaz Yahav Cc: PHP General (E-mail) Subject: Re: [PHP] stripslashes() not striping slashes Anyone has an idea why stripslashes(); doesn't strip slashes? I have a form that when it's submitted with a ' sign ads slashes to the submit results. I'm taking

Re: [PHP] stripslashes() not striping slashes

2001-10-25 Thread Rasmus Lerdorf
Anyone has an idea why stripslashes(); doesn't strip slashes? I have a form that when it's submitted with a ' sign ads slashes to the submit results. I'm taking the variable and sending it through stripslashes(); and yet the slashes remain. You are perhaps thinking it does in-place

Re: [PHP] stripslashes

2001-10-04 Thread Steve Werby
Caleb Carvalho [EMAIL PROTECTED] wrote: if i have an array that is fetching the result to be display example, for ($i =1; $i=sybase_num_rows($result); $i++){ $row =sybase_fetch_array($result); $row[product] a href=solution.php?id=$row[prob_title]$row[prob_title]/a

Re: [PHP] stripslashes

2001-10-04 Thread Caleb Carvalho
- Mercury Interactive 410 Frimley Business Park Frimley, Surrey. GU16 7ST United Kingdom Telephone : +44 (0)1276 808300 From: Steve Werby [EMAIL PROTECTED] To: Caleb Carvalho [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [PHP] stripslashes Date: Thu

Re: [PHP] stripslashes strips too much

2001-09-11 Thread nayco
I 've got the same problem on many scripts using mysql and forms ... it's hard to handle the ' character.. i'd like some advices too !!! (°-Nayco, //\[EMAIL PROTECTED] v_/_ http://nayco.free.fr - Original Message - From: Christian Haines [EMAIL

Re: [PHP] Stripslashes question.

2001-09-10 Thread Jason Bell
try addslashes instead. You might have better luck. - Original Message - From: Sean C. McCarthy [EMAIL PROTECTED] To: PHP General List [EMAIL PROTECTED] Sent: Monday, September 10, 2001 2:42 PM Subject: [PHP] Stripslashes question. Hi all, What will be the way to convert binary

Re: [PHP] Stripslashes question.

2001-09-10 Thread Alexander Skwar
So sprach »Sean C. McCarthy« am 2001-09-10 um 22:42:51 +0100 : Hi all, What will be the way to convert binary information into a string which will get into an SQL query for MySQL? I tried stripcslashes but I got stucked with it. Any help? Wrong direction :) addslashes($binary) will enable

Re: [PHP] Stripslashes question.

2001-09-10 Thread Sean C. McCarthy
Hi, Didn't help. I tried it before that is why I tried with addcslashes. What I have done so far is : I have cmp'ed the file before adding slashes and after and it seems that it is eating up the \. Like Pñ\#as renders as Pñ#as after stripingslashes but in the DB is Pñ\\#as. As far as I know

Re: [PHP] stripslashes

2001-09-04 Thread David Robley
On Wed, 5 Sep 2001 11:20, Gary wrote: Hi, Could someone give me an example of using stripslashes with echo and echo stripslashes($variable_to_strip_slashes_from); one with .msg in a mail function. Not quite sure what you mean by this? -- David Robley Techno-JoaT, Web Maintainer,

Re: [PHP] StripSlashes

2001-05-11 Thread Christian Reiniger
On Thursday 10 May 2001 22:11, Sterling wrote: H- I'd like to be able to strip the slashes from all the imported HTTP_POST_VARS. I found the $string = stripslashes($string); command. But this becomes very tedious if I have 20 vars and I need to code each one with its own stripslashes

RE: [PHP] StripSlashes

2001-05-10 Thread Altunergil, Oktay
You can make the variables into a class and have the object call the same function with all its variables. Or turn magic quotes GPC on (and remove the addslashes() calls) Oktay Altunergil -Original Message- From: Sterling [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 10, 2001 4:12 PM

RE: [PHP] StripSlashes

2001-05-10 Thread Don Read
On 10-May-01 Sterling wrote: H- I'd like to be able to strip the slashes from all the imported HTTP_POST_VARS. I found the $string = stripslashes($string); command. But this becomes very tedious if I have 20 vars and I need to code each one with its own stripslashes line. snip

RE: [PHP] stripslashes() equivalent when magic_quotes_sybase = on?

2001-04-19 Thread Johnson, Kirk
You know, I tried this before sending my email, and it didn't work as you describe. And yes, then I re-checked my .htaccess file, and yes, I had "sybase" turned off. Doh! Kirk -Original Message- From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]] stripslashes() sees the

Re: [PHP] stripslashes() equivalent when magic_quotes_sybase = on?

2001-04-18 Thread Rasmus Lerdorf
stripslashes() sees the magic_quotes_sybase setting and behaves accordingly. -Rasmus On Wed, 18 Apr 2001, Johnson, Kirk wrote: With magic_quotes_sybase = on, a single quote in Get/Post/Cookie data gets escaped with another single quote. Is there a function analagous to stripslashes that