Re: pdo ?

On 24 January 2013 17:48, Matt Pelmear <mjpelmear@xxxxxxxxx> wrote:
> On 01/24/2013 09:23 AM, Jim Giner wrote:
>>
>> On 1/24/2013 12:05 PM, Matt Pelmear wrote:
>>>
>>>
>>> http://stackoverflow.com/questions/5801951/does-php-auto-escapes-quotes-in-string-which-is-passed-by-get-or-post
>>>
>>>
>>> Every pro has this feature (magic_quotes_gpc) turned off. If you
>>> understand SQL Injection vulnerabilities, and properly bind things into
>>> your queries, I would recommend disabling it.
>>>
>>> -Matt
>>>
>>> On 01/24/2013 08:55 AM, Jim Giner wrote:
>>>>
>>>> ok - new to using pdo functions, but I thought I had a handle on it.
>>>>
>>>> I'm writing out to my page an input tag with the following value in it:
>>>>
>>>> 49'ers
>>>>
>>>> I can confirm it by using my browser's "view source" to see that is
>>>> exactly how it exists in the page.
>>>>
>>>> When I hit a submit button and my script retrieves the 'post' vars my
>>>> debugging steps are showing that the var $_POST['team'] contains the
>>>> above value with a backslash (\) already inserted. This is causing me
>>>> a problem when I then try to use pdo->quote to safely encode it for
>>>> updating my sql database.
>>>>
>>>> My question is - why does the POST var show the \ char before I
>>>> execute the 'quote' function?
>>>>
>>>
>> You're right!  But I must not understand something.
>>
>> My root folder has a php.ini file with the magic quotes set off. Doesn't
>> that carry on down to folders beneath it?
>>
>
> I would check phpinfo() to see if it is being overridden.
>
> -Matt

Create an info.php file containing ...

<?php
phpinfo();

Save that in the directory containing PHP and one other directory.

Load them via your browser. See the settings for the magic_xxxx and
see where the php.ini configuration file is being loaded.

It may be that your ini file is completely ignored!


-- 
Richard Quadling
Twitter : @RQuadling
EE : http://e-e.com/M_248814.html
Zend : http://bit.ly/9O8vFY

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
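
Added example (not part of the thread, and not any poster's code): a PHP sketch of the two checks discussed above, reporting which php.ini was loaded and the effective magic_quotes_gpc value, then undoing the added backslash and storing the value through a bound PDO parameter instead of quote(). The `teams` table, its `name` column, the function names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Which php.ini was actually loaded, and the effective directive value.
function magic_quotes_report() {
    return array(
        'loaded_ini'       => php_ini_loaded_file(),        // false if no ini file was loaded
        'magic_quotes_gpc' => ini_get('magic_quotes_gpc'),  // false where the directive no longer exists
    );
}

// True only when this PHP build still has magic_quotes_gpc and it is on.
function magic_quotes_active() {
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Return the value as the browser sent it, removing the backslashes
// magic_quotes_gpc added. Untouched when the feature is off.
function undo_magic_quotes($value, $active) {
    return $active ? stripslashes($value) : $value;
}

// Store the value with a bound parameter: no quote() call, no manual escaping.
function save_team(PDO $db, $name) {
    $stmt = $db->prepare('INSERT INTO teams (name) VALUES (:name)');
    $stmt->execute(array(':name' => $name));
}

// Hypothetical schema, in-memory SQLite so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE teams (name TEXT)');

print_r(magic_quotes_report());

// Constructed input: what $_POST['team'] holds for 49'ers when
// magic_quotes_gpc is on, i.e. the characters 49\'ers.
$posted = "49\\'ers";

// The constructed value simulates a server with the feature on, so $active
// is passed as true here; for a real request pass magic_quotes_active().
save_team($db, undo_magic_quotes($posted, true));

// Read the row back to see exactly what was stored.
echo $db->query('SELECT name FROM teams')->fetchColumn(), "\n";
```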


