Re: pdo ?

[Jim Giner <jim.giner@xxxxxxxxxxxxxxxxxx>]

On 1/24/2013 1:41 PM, Richard Quadling wrote:
> On 24 January 2013 17:48, Matt Pelmear <mjpelmear@xxxxxxxxx> wrote:
> > On 01/24/2013 09:23 AM, Jim Giner wrote:
> > > On 1/24/2013 12:05 PM, Matt Pelmear wrote:
> > > > http://stackoverflow.com/questions/5801951/does-php-auto-escapes-quotes-in-string-which-is-passed-by-get-or-post
> > > >
> > > >
> > > > Every pro has this feature (magic_quotes_gpc) turned off. If you
> > > > understand SQL Injection vulnerabilities, and properly bind things into
> > > > your queries, I would recommend disabling it.
> > > >
> > > > -Matt
> > > >
> > > > On 01/24/2013 08:55 AM, Jim Giner wrote:
> > > > > ok - new to using pdo functions, but I thought I had a handle on it.
> > > > >
> > > > > I'm writing out to my page an input tag with the following value in it:
> > > > >
> > > > > 49'ers
> > > > >
> > > > > I can confirm it by using my browser's "view source" to see that is
> > > > > exactly how it exists in the page.
> > > > >
> > > > > When I hit a submit button and my script retrieves the 'post' vars my
> > > > > debugging steps are showing that the var $_POST['team'] contains the
> > > > > above value with a backslash (\) already inserted. This is causing me
> > > > > a problem when I then try to use pdo->quote to safely encode it for
> > > > > updating my sql database.
> > > > >
> > > > > My question is - why does the POST var show the \ char before I
> > > > > execute the 'quote' function?
> > > You're right!  But I must not understand something.
> > >
> > > My root folder has a php.ini file with the magic quotes set off. Doesn't
> > > that carry on down to folders beneath it?
> >
> > I would check phpinfo() to see if it is being overridden.
> >
> > -Matt
>
> Create an info.php file containing ...
>
> <?php
> phpinfo();
>
> Save that in the directory containing PHP and one other directory.
>
> Load them via your browser. See the settings for the magic_xxxx and
> see where the php.ini configuration file is being loaded.
>
> It may be that your ini file is completely ignored!
Matt & Rich,

I have a small php.ini in my domain's  'php' folder as well as in my 
webroot folder. I was under the impression that the overrides would be 
applied to all folders below my webroot, but apparently it is not happening.

How do 'pros' replicate their .ini settings thru all of the application 
folder?  Not thru settings within the scripts I hope - I thought I read 
that the was not a very efficient way to do it and that a php.ini file 
was the best since it would be merged with the master one installed by 
my hoster.

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php