Re: storing single and double quote in MySQL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Yesterday I read this discussion and looked at php manual for
mysql_real_escape... There is good example with extra function to check php
magic quotes status. I like the idea, because the code is more portable. You
don't have to add .htaccess files nor configre php..

Beginner Mindaugas


On 5/24/06, tedd <tedd@xxxxxxxxxxxx> wrote:


At 8:14 PM +0200 5/24/06, afan@xxxxxxxx wrote:
>if magic_quotes_gpc is On, does it add slashes in front of quotes when
>submit through form?
>Mean, if I submit in input form (text) afan's "crazy" web, after
>echo $_POST['record'];
>I'll get afan\'s \"crazy\" web. Is this because of magic_quote_gps is On?
>
>-afan

afan:

You're getting the idea. Whatever is in your mysql dB should look
just like it would in print with quotes and all -- and without any
escape characters preceding them.

So, if your records in mysql (when viewed via something like
myphpadmin) have something like this "O\'Mally", then the data is
wrong. It should be "O'Mally" and thus somewhere you, or
magic_quotes, have added slashes.

So, backup to your original data, turn magic_quotes OFF, use
mysql_real_escape_string to prepare the data and then add that data
to your mysql.

Upon retrieval of the data from mysql -- if -- you want to show it to
a browser, then use htmlentities. Remember mysql_real_escape_string
IN and htmlentities OUT and the world will be well.

I don't know if you are working in the same type of environment as
me, but I fixed mine by adding a ".htacess" file to my root. The code
is simply a text file like so:

php_value magic_quotes_gpc 0
php_value magic_quotes_sybase 0
php_value magic_quotes_runtime 0

That might work for you -- others on this list may have more detailed
information.

In any event, IMO do everything you can to turn magic_quotes OFF
because after that, then everything will be easier and you'll never
have to worry about when, or if, you should add_lashes, strip_lashes,
and other such confusing stuff.

hth's

tedd
--

------------------------------------------------------------------------------------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





--
Mindaugas
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux