Re: Stripslashes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Dec 22, 2010 at 3:34 PM, Bob McConnell <rvm@xxxxxxxxx> wrote:

> From: Ravi Gehlot
>
> > What are these magic quotes anyways?. What are they used for?
> escaping?
>
> I wasn't there at the time, but I gather that the general idea was to
> automagically insert escape characters into data submitted from a form.
> However, they used a backslash as the escape character, which is not
> universally recognized across database engines. Even the SQL standard
> defines an escape as a single quote character.
>
> We used to have magic quotes enabled, and came up with the following
> code to clean up the mess it caused.
>
>    // If magic quotes is on, we want to remove slashes
>    if (get_magic_quotes_gpc()) {
>      // Magic quotes is on
>      $response = stripslashes($_POST[$key]);
>    } else {
>      $response = $_POST[$key];
>    }
>
> For future releases of PHP, this will also need a check to see if
> get_magic_quotes_gpc() exists first.
>
> Bob McConnell
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Bob,

Thank you very much. This is good information. What I found out from
http://us2.php.net/manual/en/function.stripslashes.php was the following:
"An example use of *stripslashes()* is when the PHP directive
magic_quotes_gpc<http://us2.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc>is
*on* (it's on by default), and you aren't inserting this data into a place
(such as a database) that requires escaping. For example, if you're simply
outputting data straight from an HTML form. "

So that means that stripslashes() isn't intended for DB insertions but only
straight output. So I will remove it from my code.

Thanks,
Ravi.

[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux