Johannes Lindenbaum wrote:
Evening,
I am new to this list, so please if this email is "offensive" to anyone
I didn't know any better. Not here to start a war or similar.
I have a couple questions about magic_quotes and it's deletion in PHP 6.
I've been lazily following php.internals and read about register_globals
and magic_quotes (finally) being deleted from PHP.
I don't have any scripts that run with register_globals - not worried
about PHP 6 for that case.
But... magic_quotes.
If my understanding is correct magic quotes will give ', " and \ (for
ASCII characters, e.g. \n) a preceding backslash to escape it. I also
see that magic_quotes_gpc() is On by default. So all data in $_POST and
$_GET etc. has escaping backslashes.
If in a .htaccess I should set
php_flag magic_quotes_gpc Off
That would lead to $_POST data like Jingle's Bells to be passed as
Jingle's Bells, not Jingle\'s Bells. Usually most of my $_POST data gets
written into a MySQL table to which I perform addslashes(). And on
retrieval stripslashes().
If I keep on doing that - and just start coding with magic_quotes_gpc
Off - my scripts shouldn't alter behaviour upon PHP 6 arrival, should they?
That part is correct.
You shouldn't need to use addslashes - use mysql_real_escape_string or
mysql_escape_string depending on your (current) php version - they are
both "locale aware" and will escape things for you depending on mysql
server (re: language setup).
Then just use htmlentities to display on the frontend rather than using
stripslashes.
Of course other db's have similar functions, check the manual.
--
Postgresql & php tutorials
http://www.designmagick.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php