[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 243
  • Last Modified:

Magic Quotes

magic_quotes_gpc is turned on.

when i print a variable from $_POST the slashes are added.

however, when i insert that same variable into a mysql database the slashes aren't added.

why does this happen?

e.g.

$value =  $_POST['value'];
print $value;  //slashes are there

$query = "INSERT INTO test VALUES(\"$value\")";  //slashes aren't there in the database
0
abstractionz
Asked:
abstractionz
  • 6
  • 4
1 Solution
 
sajuksCommented:
//Try this
$value =  $_POST['value'];
$value  = addslashes($value );
"INSERT INTO test   VALUES ('$value  )";

//a better way would be
function CheckSlash($string) {
if (!magic_quotes_gpc()) {
$string = addslashes($string);
}

return $string;
}

$mydata = CheckSlash($mydata);
$query = @mysql_query("INSERT INTO table (column1) VALUES ('$mydata')", $connection)
or die ("Some error");
0
 
abstractionzAuthor Commented:
i thought magic_quotes_gpc were supposed to add the slashes automatically.
0
 
sajuksCommented:
addslashes() is not necessary if magic_quotes_gpc is on.
Thats what my function CheckSlash was doing. if on dont addslashes else call addslashes.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
abstractionzAuthor Commented:
ok let's assume i POST the following value:  example\s

it gets stored in the database as example\s not example\\s



0
 
sajuksCommented:
0
 
sajuksCommented:
From the manual,
The PHP directive magic_quotes_gpc is on by default, and it essentially runs addslashes() on all GET, POST, and COOKIE data. Do not use addslashes() on strings that have already been escaped with magic_quotes_gpc as you'll then do double escaping. The function get_magic_quotes_gpc() may come in handy for checking this.
0
 
abstractionzAuthor Commented:
So when a string is escaped, it won't be visible in the database?  ie  If I have magic_quotes enabled   in the database example\s   will show as example\s, not example\\s
0
 
abstractionzAuthor Commented:
*  I mean the extra slash won't be visible in the database
0
 
sajuksCommented:
Rite.
0
 
sajuksCommented:
Thnaks for the points and grade.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now