On 24 January 2013 17:48, Matt Pelmear <mjpelmear@xxxxxxxxx> wrote: > On 01/24/2013 09:23 AM, Jim Giner wrote: >> >> On 1/24/2013 12:05 PM, Matt Pelmear wrote: >>> >>> >>> http://stackoverflow.com/questions/5801951/does-php-auto-escapes-quotes-in-string-which-is-passed-by-get-or-post >>> >>> >>> Every pro has this feature (magic_quotes_gpc) turned off. If you >>> understand SQL Injection vulnerabilities, and properly bind things into >>> your queries, I would recommend disabling it. >>> >>> -Matt >>> >>> On 01/24/2013 08:55 AM, Jim Giner wrote: >>>> >>>> ok - new to using pdo functions, but I thought I had a handle on it. >>>> >>>> I'm writing out to my page an input tag with the following value in it: >>>> >>>> 49'ers >>>> >>>> I can confirm it by using my browser's "view source" to see that is >>>> exactly how it exists in the page. >>>> >>>> When I hit a submit button and my script retrieves the 'post' vars my >>>> debugging steps are showing that the var $_POST['team'] contains the >>>> above value with a backslash (\) already inserted. This is causing me >>>> a problem when I then try to use pdo->quote to safely encode it for >>>> updating my sql database. >>>> >>>> My question is - why does the POST var show the \ char before I >>>> execute the 'quote' function? >>>> >>> >> You're right! But I must not understand something. >> >> My root folder has a php.ini file with the magic quotes set off. Doesn't >> that carry on down to folders beneath it? >> > > I would check phpinfo() to see if it is being overridden. > > -Matt Create an info.php file containing ... <?php phpinfo(); Save that in the directory containing PHP and one other directory. Load them via your browser. See the settings for the magic_xxxx and see where the php.ini configuration file is being loaded. It may be that your ini file is completely ignored! -- Richard Quadling Twitter : @RQuadling EE : http://e-e.com/M_248814.html Zend : http://bit.ly/9O8vFY -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
