turn of magic quotes or test for it before using addslashes
Bastien
>From: "Petzo" <petzo@xxxxxxxxx>
>To: php-db@xxxxxxxxxxxxx
>Subject: addslashes + stripslashes + mysql question
>Date: Mon, 16 May 2005 11:20:41 +0300
>
>Hi,
>
> My question is about the norlmal behaviour of PHP and MYSQL but I cant
>explain it without a simple example. Thank you for reading:
>
> I have the following code:
>--------------------------------------------------------------------
><?php
>print $t = $_POST['txt'];
>print $t = addslashes($t);
>
> @ $db = mysql_pconnect(xxx,xxx,xxx);
> mysql_select_db('test');
>
> $q = "update ttable set ffield='$t'";
> mysql_query($q);
>
> $q = "select * from ttable";
> $result = mysql_query($q);
> $bo = mysql_fetch_array($result);
>
>print $t = $bo['ffield'];
>print $t = stripslashes($t);
>?>
>--------------------------------------------------------------------
>
>
>from a HTML form I send variable:
>--------------------------------------------------------------------
>' \ \' \\ \\\
>--------------------------------------------------------------------
>
>after addshashes it becomes:
>--------------------------------------------------------------------
>\' \\ \\\' \\\\ \\\\\\
>--------------------------------------------------------------------
>
>after that it gets in the database
>
>but after I get it out it becomes:
>--------------------------------------------------------------------
>' \ \' \\ \\\
>--------------------------------------------------------------------
>(without the backslashes!)
>
>and ofcourse after stripslashes it gets messed-up:
>--------------------------------------------------------------------
>' ' \ \
>--------------------------------------------------------------------
>
>So my question is if this is a normal behaviour for PHP+MYSQL or it may
>vary
>indifferent conficurations or versions of both php or mysql.
>It's not a bad thing to be like that but I wonder if my code will behave
>the
>same at most systems.
>
>Thank you very much
>
>--
>PHP Database Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
**********************************************************************
IMPORTANT NOTICE
This communication is for the exclusive use of the intended recipient(s)
named above. If you receive this communication in error, you should
notify the sender by e-mail or by telephone (+44) 191 224 4461, delete
it and destroy any copies of it.
This communication may contain confidential information and material
protected by copyright, design right or other intellectual property
rights which are and shall remain the property of Piranha Studios
Limited. Any form of distribution, copying or other unauthorised use
of this communication or the information in it is strictly prohibited.
Piranha Studios Limited asserts its rights in this communication and
the information in it and reserves the right to take action against
anyone who misuses it or the information in it.
Piranha Studios Limited cannot accept any liability sustained as a
result of software viruses and would recommend that you carry out your
own virus checks before opening any attachment.
************************************************************************
<<<<GWAVAsig>>>>AdmID:D8E9019DA2421EF16B6F98046B509684
**********************************************************************
IMPORTANT NOTICE
This communication is for the exclusive use of the intended recipient(s)
named above. If you receive this communication in error, you should
notify the sender by e-mail or by telephone (+44) 191 224 4461, delete
it and destroy any copies of it.
This communication may contain confidential information and material
protected by copyright, design right or other intellectual property
rights which are and shall remain the property of Piranha Studios
Limited. Any form of distribution, copying or other unauthorised use
of this communication or the information in it is strictly prohibited.
Piranha Studios Limited asserts its rights in this communication and
the information in it and reserves the right to take action against
anyone who misuses it or the information in it.
Piranha Studios Limited cannot accept any liability sustained as a
result of software viruses and would recommend that you carry out your
own virus checks before opening any attachment.
************************************************************************
<<<<GWAVAsig>>>>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
