FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » magic_quotes_gpc() on or off?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: magic_quotes_gpc() on or off? [message #173888 is a reply to message #173875] Wed, 11 May 2011 15:29 Go to previous messageGo to previous message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
Senior Member
On 5/11/2011 7:49 AM, Simon wrote:
> On 5/11/2011 12:38 PM, Jerry Stuckle wrote:
>
>>>
>>> // get a proper MySQL connection for mysql_real_escape_string() to work.
>>> ...
>>> //
>>> //
>>> $data = 'H\hi'; // a random string that I want to save 'as is' in the
>>> db. Note the 'escaped' character.
>>>
>>
>> First of all, '\h' is not a valid escape character. If you actually want
>> a backslash there, you need to use '\\h'. Using invalid character
>> combinations leads to unpredictable results.
>
> I never said I wanted to save \h as an escape character.
> I want to save the string 'H\hi' as is, (as used in the date() function
> for example).
>

Then you must use 'h\\hi'. Backslash is an escape character.

>>
>>> //
>>> // now try and save it to the db
>>> //
>>> // Stripslashes if need be
>>> if (get_magic_quotes_gpc())
>>> {
>>> $data = stripslashes($data);
>>> }
>>>
>>
>> Why are you stripping slashes BEFORE storing the data?
>> magic_quotes_gpc() affects data RETRIEVED from the database.
>
>
> As per my original post, this is what the doc suggests.
>
> http://php.net/manual/en/function.mysql-real-escape-string.php
>
> "If magic_quotes_gpc is enabled, first apply stripslashes() to the data.
> Using this function on data which has already been escaped will escape
> the data twice."
>

If the data has previously been escaped, yes. In your case, it has not.

>>
>>> // escape
>>> $data = mysql_real_escape_string($data);
>>>
>>> echo $data;
>>> /////////////////////////////////////////////////////////////////////////// /
>>>
>>>
>>>
>>>
>>> You will see that the data has become 'Hhi', the '\' has been stripped,
>>> and the data is no longer saved as expected.
>>>
>>
>> As I would expect, as indicated above.
>
> As indicated in my previous post this is what the doc says.
> Unless I misunderstood the doc.
>

You are misunderstanding the doc.

>>>
>>
>> I never run with magic_quotes_gpc() on, and won't recommend a host who
>> runs with it on. If they don't know enough to turn off something which
>> has been deprecated for years, I'm not sure what else they are clueless
>> about.
>
> That's beside the point, but I agree.
>
> Thanks
>
> Simon

Actually, it is a major point.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Re: A question about refresh
Next Topic: Program to Submit to forms
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Nov 29 16:43:42 GMT 2024

Total time taken to generate the page: 0.04563 seconds