At 8:14 PM +0200 5/24/06, afan@xxxxxxxx wrote:
if magic_quotes_gpc is On, does it add slashes in front of quotes when
submit through form?
Mean, if I submit in input form (text) afan's "crazy" web, after
echo $_POST['record'];
I'll get afan\'s \"crazy\" web. Is this because of magic_quote_gps is On?
-afan
afan:
You're getting the idea. Whatever is in your mysql dB should look
just like it would in print with quotes and all -- and without any
escape characters preceding them.
So, if your records in mysql (when viewed via something like
myphpadmin) have something like this "O\'Mally", then the data is
wrong. It should be "O'Mally" and thus somewhere you, or
magic_quotes, have added slashes.
So, backup to your original data, turn magic_quotes OFF, use
mysql_real_escape_string to prepare the data and then add that data
to your mysql.
Upon retrieval of the data from mysql -- if -- you want to show it to
a browser, then use htmlentities. Remember mysql_real_escape_string
IN and htmlentities OUT and the world will be well.
I don't know if you are working in the same type of environment as
me, but I fixed mine by adding a ".htacess" file to my root. The code
is simply a text file like so:
php_value magic_quotes_gpc 0
php_value magic_quotes_sybase 0
php_value magic_quotes_runtime 0
That might work for you -- others on this list may have more detailed
information.
In any event, IMO do everything you can to turn magic_quotes OFF
because after that, then everything will be easier and you'll never
have to worry about when, or if, you should add_lashes, strip_lashes,
and other such confusing stuff.
hth's
tedd
--
------------------------------------------------------------------------------------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
