Hi Anthony:

On Thu, Feb 07, 2008 at 07:33:37PM -0500, Anthony Wlodarski wrote:
> 
> Input from form -> check for magic quotes (if not then add quotes) -> md5
> value -> save to database.
> 
> Now what happens if you change the logic to:
> Input from form -> md5 value -> save to database.
>
> Other individuals I have discussed this with would say that if you are on a
> platform without magic quotes then the md5 values will be different.  Is
> this the case?

You will get a different hash, since "That\'s good stuff, man." is 
different than "That's good stuff, man."

In your case it doesn't fully matter if it's on or off, ASSUMING that 
they will ALWAYS be in that same state.  The initial save and the 
subsequent verification submissions will both hit the MD5 function with the 
same string.  But if the company changes servers/versions/settings which 
winds up changing this ini setting, you're SCREWED.

PHP comes with this nightmarish feature turned off by default and most 
hosts I've seen have it off also.  So, if you need to ENSURE portability, 
plan your logic accordingly.  For example, if MQ is on, put in 
stripslashes before making the MD5 hash.  Or you could do the database 
server's MD5(), since the slashes will be gone by the time it gets there.

--Dan

-- 
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
            data intensive web and database programming
                http://www.AnalysisAndSolutions.com/
 4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
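
Added example, not part of the original message: the stripslashes-before-MD5 approach suggested above, written in PHP. The function names are hypothetical, and addslashes() is used here to simulate what magic_quotes_gpc does to incoming form data.

```php
<?php
// Added example: make the MD5 of a form value independent of magic_quotes_gpc.

/** True if this PHP build still has magic_quotes_gpc and it is enabled. */
function magic_quotes_active()
{
    // get_magic_quotes_gpc() no longer exists in PHP 8.0+, so guard the call.
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

/**
 * Undo magic-quotes escaping only when it was actually applied.
 * Calling stripslashes() unconditionally would corrupt values that
 * legitimately contain backslashes on a server with the setting off.
 */
function normalize_input($raw, $mqOn)
{
    return $mqOn ? stripslashes($raw) : $raw;
}

/** Hash the value as the user typed it, whatever the ini setting is. */
function portable_md5($raw, $mqOn = null)
{
    if ($mqOn === null) {
        $mqOn = magic_quotes_active();   // detect the live configuration
    }
    return md5(normalize_input($raw, $mqOn));
}

// Constructed sample: one typed value as each server configuration delivers it.
$typed     = "That's good stuff, man.";
$fromMqOff = $typed;              // setting off: value arrives untouched
$fromMqOn  = addslashes($typed);  // setting on (simulated): That\'s good stuff, man.

// Naive hashing: a hash saved under one setting fails to verify under the other.
echo "naive hashes match:      ";
var_dump(md5($fromMqOff) === md5($fromMqOn));

// Normalized hashing: both configurations produce the hash of the typed value.
echo "normalized hashes match: ";
var_dump(portable_md5($fromMqOff, false) === portable_md5($fromMqOn, true));

// A value containing a real backslash survives when the setting is off.
echo "backslash preserved:     ";
var_dump(normalize_input('C:\\temp', false) === 'C:\\temp');
```

The explicit `$mqOn` argument exists only so both configurations can be exercised on one machine; in a request handler, `portable_md5($_POST['field'])` detects the setting itself.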