Re: mysql + addslashes + stripslashes

Thanks for the reply

From 1 to 4 I do the same. I haven't written it here so that my sample would be
shorter.

What I didn't get from your reply was this part:
> For data that comes from SQL sources:
> 1. check magic_quotes_runtime PHP setting...

So what do you do if that setting is on/off?
(in my case it is off)

Milen


"Bostjan Skufca @ domenca.com" <bostjan.skufca@xxxxxxxxxxx> wrote in message
news:200505161423.06441.bostjan.skufca@xxxxxxxxxxxxxx
> I do the following way to achieve portability:
>
> For GET/POST/COOKIE variables:
> 1. check "magic_quotes_gpc" PHP setting - if enabled strip slashes from input
> variables using stripslashes()
> 2. check input/anything
> 3. prior to building SQL query escape stuff (mysql - mysql_real_escape_string(),
> others use different escaping methods)
> 4. run query
>
> For data that comes from SQL sources:
> 1. check magic_quotes_runtime PHP setting...
>
>
> On Monday 16 May 2005 10:32, Petzo wrote:
> > Hi,
> >
> >     My question is about the normal behaviour of PHP and MYSQL but I can't
> > explain it without a simple example. Thank you for reading:
> >
> >     I have the following code:
> > --------------------------------------------------------------------
> > <?php
> > print $t = $_POST['txt'];
> > print $t = addslashes($t);
> >
> >    @ $db = mysql_pconnect(xxx,xxx,xxx);
> >    mysql_select_db('test');
> >
> >    $q = "update ttable set ffield='$t'";
> >    mysql_query($q);
> >
> >    $q = "select * from ttable";
> >    $result = mysql_query($q);
> >    $bo = mysql_fetch_array($result);
> >
> > print $t = $bo['ffield'];
> > print $t = stripslashes($t);
> > ?>
> > --------------------------------------------------------------------
> >
> >
> > from a HTML form I send variable:
> > --------------------------------------------------------------------
> > ' \ \' \\ \\\
> > --------------------------------------------------------------------
> >
> > after addslashes it becomes:
> > --------------------------------------------------------------------
> > \' \\ \\\' \\\\ \\\\\\
> > --------------------------------------------------------------------
> >
> > after that it gets in the database
> >
> > but after I get it out it becomes:
> > --------------------------------------------------------------------
> > ' \ \' \\ \\\
> > --------------------------------------------------------------------
> > (without the backslashes!)
> >
> > and of course after stripslashes it gets messed up:
> > --------------------------------------------------------------------
> > ' ' \ \
> > --------------------------------------------------------------------
> >
> > So my question is if this is a normal behaviour for PHP+MYSQL or it may
> > vary in different configurations or versions of both php or mysql.
> > It's not a bad thing to be like that but I wonder if my code will behave
> > the same at most systems.
> >
> > Thank you very much
>
> --
> Best regards,
>
> Bostjan Skufca
> system administrator
>
> Domenca d.o.o.
> Phone: +386 4 5835444
> Fax: +386 4 5831999
> http://www.domenca.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
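
The round trip described in this thread, modelled offline as an added example (not code from any poster in the thread): the backslashes that `addslashes()` adds are consumed when MySQL parses the string literal, so `stripslashes()` on fetched data is only correct when something re-added slashes on the way out. `mysql_literal_decode()` and `read_back()` are hypothetical helpers, the decoder is a simplified model of MySQL's default string-literal parsing, and `$runtimeQuotes` stands in for the `magic_quotes_runtime` setting.

```php
<?php
// Simplified model of how MySQL decodes a quoted string literal in its
// default SQL mode: backslash escapes are consumed by the SQL parser and
// never reach the stored column value.
function mysql_literal_decode(string $literal): string {
    $map = ['0' => "\0", 'n' => "\n", 'r' => "\r", 't' => "\t",
            'b' => "\x08", 'Z' => "\x1a"];
    $out = '';
    for ($i = 0, $n = strlen($literal); $i < $n; $i++) {
        $c = $literal[$i];
        if ($c === '\\' && $i + 1 < $n) {
            $next = $literal[++$i];
            // \% and \_ keep their backslash; any other escape drops it.
            $out .= ($next === '%' || $next === '_')
                ? '\\' . $next
                : ($map[$next] ?? $next);
        } else {
            $out .= $c;
        }
    }
    return $out;
}

// Hypothetical helper: the value the script sees after fetching a row.
// $runtimeQuotes models magic_quotes_runtime, which escaped fetched data.
function read_back(string $stored, bool $runtimeQuotes): string {
    return $runtimeQuotes ? addslashes($stored) : $stored;
}

// The form value from the thread, kept literal with a nowdoc.
$input = <<<'RAW'
' \ \' \\ \\\
RAW;

$escaped = addslashes($input);             // text placed inside '...' in the UPDATE
$stored  = mysql_literal_decode($escaped); // what the column actually holds

foreach ([false, true] as $runtimeQuotes) {
    $fetched = read_back($stored, $runtimeQuotes);
    $blind   = stripslashes($fetched);                             // always strip
    $guarded = $runtimeQuotes ? stripslashes($fetched) : $fetched; // strip only if added
    printf("runtime quotes %s: stored intact=%s, always-strip intact=%s, guarded intact=%s\n",
        var_export($runtimeQuotes, true),
        var_export($stored === $input, true),
        var_export($blind === $input, true),
        var_export($guarded === $input, true));
}
```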

