Re: magic_quotes

Johannes Lindenbaum wrote:
> Evening,
>
> I am new to this list, so please if this email is "offensive" to anyone I didn't know any better. Not here to start a war or similar.
>
> I have a couple questions about magic_quotes and its deletion in PHP 6.
>
> I've been lazily following php.internals and read about register_globals and magic_quotes (finally) being deleted from PHP.
>
> I don't have any scripts that run with register_globals - not worried about PHP 6 for that case.
>
> But... magic_quotes.
> If my understanding is correct magic quotes will give ', " and \ (for ASCII characters, e.g. \n) a preceding backslash to escape it. I also see that magic_quotes_gpc() is On by default. So all data in $_POST and $_GET etc. has escaping backslashes.
> If in a .htaccess I should set
> php_flag magic_quotes_gpc Off
>
> That would lead to $_POST data like Jingle's Bells to be passed as Jingle's Bells, not Jingle\'s Bells. Usually most of my $_POST data gets written into a MySQL table to which I perform addslashes(). And on retrieval stripslashes(). If I keep on doing that - and just start coding with magic_quotes_gpc Off - my scripts shouldn't alter behaviour upon PHP 6 arrival, should they?

That part is correct.

You shouldn't need to use addslashes - use mysql_real_escape_string or mysql_escape_string depending on your (current) php version - they are both "locale aware" and will escape things for you depending on mysql server (re: language setup).

Then just use htmlentities to display on the frontend rather than using stripslashes.

Of course other DBs have similar functions, check the manual.

--
Postgresql & php tutorials
http://www.designmagick.com/
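
The advice in this reply, as an added example that is not part of the original thread: escape at the database boundary with the driver's own function, and encode for HTML only at output. It assumes PHP with the pdo_sqlite extension; an in-memory SQLite database and `PDO::quote()` stand in for MySQL and `mysql_real_escape_string()` so it runs offline, and the table name and sample string are constructed.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE songs (id INTEGER PRIMARY KEY, title TEXT)');

// Constructed sample: what the browser actually sent.
$raw = "Jingle's <b>Bells</b>";

// What $_POST would hold with magic_quotes_gpc On: already backslash-escaped.
$magicQuoted = addslashes($raw);

function store(PDO $pdo, string $title): int
{
    // PDO::quote() escapes for the connected driver, the role
    // mysql_real_escape_string() plays for the old mysql extension.
    $pdo->exec('INSERT INTO songs (title) VALUES (' . $pdo->quote($title) . ')');
    return (int) $pdo->lastInsertId();
}

function fetch(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT title FROM songs WHERE id = ?');
    $stmt->execute([$id]);
    return (string) $stmt->fetchColumn();
}

// Raw input escaped once at the database boundary round-trips unchanged,
// so nothing has to be stripped on retrieval.
$clean = fetch($pdo, store($pdo, $raw));

// Magic-quoted input escaped again is stored with its backslash,
// which is why such code ends up calling stripslashes() on retrieval.
$doubled = fetch($pdo, store($pdo, $magicQuoted));

echo 'raw round-trips:          ', var_export($clean === $raw, true), "\n";
echo 'magic-quoted round-trips: ', var_export($doubled === $raw, true), "\n";

// Encode for HTML only when displaying; the stored value stays unmodified.
echo htmlentities($clean, ENT_QUOTES, 'UTF-8'), "\n";
```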
