FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » magic_quotes_gpc() on or off?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: magic_quotes_gpc() on or off? [message #173939 is a reply to message #173888] Fri, 13 May 2011 19:25 Go to previous messageGo to previous message
Michael Fesser is currently offline  Michael Fesser
Messages: 215
Registered: September 2010
Karma:
Senior Member
.oO(Jerry Stuckle)

> On 5/11/2011 7:49 AM, Simon wrote:
>>>
>>> Why are you stripping slashes BEFORE storing the data?
>>> magic_quotes_gpc() affects data RETRIEVED from the database.
>>
>> As per my original post, this is what the doc suggests.
>>
>> http://php.net/manual/en/function.mysql-real-escape-string.php
>>
>> "If magic_quotes_gpc is enabled, first apply stripslashes() to the data.
>> Using this function on data which has already been escaped will escape
>> the data twice."
>
> If the data has previously been escaped, yes. In your case, it has not.

If magic quotes are enabled, then PHP will automatically escape his
incoming data. So calling stripslashes() on it before doing anything
else is the correct way to ensure you're working with the raw data.
After that you can apply the proper escaping as necessary.

Micha
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Re: A question about refresh
Next Topic: Program to Submit to forms
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Nov 29 18:50:48 GMT 2024

Total time taken to generate the page: 0.04271 seconds