Solved

Magic Quotes

Posted on 2004-08-30
10
235 Views
Last Modified: 2006-11-17
magic_quotes_gpc is turned on.

when i print a variable from $_POST the slashes are added.

however, when i insert that same variable into a mysql database the slashes aren't added.

why does this happen?

e.g.

$value =  $_POST['value'];
print $value;  //slashes are there

$query = "INSERT INTO test VALUES(\"$value\")";  //slashes aren't there in the database
0
Comment
Question by:abstractionz
  • 6
  • 4
10 Comments
 
LVL 33

Expert Comment

by:sajuks
ID: 11938495
//Try this
$value =  $_POST['value'];
$value  = addslashes($value );
"INSERT INTO test   VALUES ('$value  )";

//a better way would be
function CheckSlash($string) {
if (!magic_quotes_gpc()) {
$string = addslashes($string);
}

return $string;
}

$mydata = CheckSlash($mydata);
$query = @mysql_query("INSERT INTO table (column1) VALUES ('$mydata')", $connection)
or die ("Some error");
0
 

Author Comment

by:abstractionz
ID: 11938533
i thought magic_quotes_gpc were supposed to add the slashes automatically.
0
 
LVL 33

Expert Comment

by:sajuks
ID: 11938582
addslashes() is not necessary if magic_quotes_gpc is on.
Thats what my function CheckSlash was doing. if on dont addslashes else call addslashes.
0
Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

 

Author Comment

by:abstractionz
ID: 11938608
ok let's assume i POST the following value:  example\s

it gets stored in the database as example\s not example\\s



0
 
LVL 33

Expert Comment

by:sajuks
ID: 11938638
0
 
LVL 33

Accepted Solution

by:
sajuks earned 50 total points
ID: 11938641
From the manual,
The PHP directive magic_quotes_gpc is on by default, and it essentially runs addslashes() on all GET, POST, and COOKIE data. Do not use addslashes() on strings that have already been escaped with magic_quotes_gpc as you'll then do double escaping. The function get_magic_quotes_gpc() may come in handy for checking this.
0
 

Author Comment

by:abstractionz
ID: 11938658
So when a string is escaped, it won't be visible in the database?  ie  If I have magic_quotes enabled   in the database example\s   will show as example\s, not example\\s
0
 

Author Comment

by:abstractionz
ID: 11938660
*  I mean the extra slash won't be visible in the database
0
 
LVL 33

Expert Comment

by:sajuks
ID: 11938674
Rite.
0
 
LVL 33

Expert Comment

by:sajuks
ID: 11938712
Thnaks for the points and grade.
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now