Solved

Magic Quotes

Posted on 2004-08-30
Last Modified: 2006-11-17
magic_quotes_gpc is turned on.

When I print a variable from $_POST, the slashes are added.

However, when I insert that same variable into a MySQL database, the slashes aren't added.

Why does this happen?

e.g.

$value =  $_POST['value'];
print $value;  //slashes are there

$query = "INSERT INTO test VALUES(\"$value\")";  //slashes aren't there in the database
0
Question by:abstractionz
10 Comments
 
LVL 33

Expert Comment

by:sajuks
ID: 11938495
//Try this
$value =  $_POST['value'];
$value  = addslashes($value);
$query = "INSERT INTO test VALUES ('$value')";

//a better way would be
function CheckSlash($string) {
    // only escape when magic_quotes_gpc has not already done it
    if (!get_magic_quotes_gpc()) {
        $string = addslashes($string);
    }

    return $string;
}

$mydata = CheckSlash($mydata);
$query = @mysql_query("INSERT INTO table (column1) VALUES ('$mydata')", $connection)
    or die ("Some error");
0
 

Author Comment

by:abstractionz
ID: 11938533
I thought magic_quotes_gpc was supposed to add the slashes automatically.
0
 
LVL 33

Expert Comment

by:sajuks
ID: 11938582
addslashes() is not necessary if magic_quotes_gpc is on.
That's what my function CheckSlash was doing: if on, don't addslashes, else call addslashes.
0

 

Author Comment

by:abstractionz
ID: 11938608
OK, let's assume I POST the following value: example\s

It gets stored in the database as example\s, not example\\s



0
 
LVL 33

Expert Comment

by:sajuks
ID: 11938638
0
 
LVL 33

Accepted Solution

by:
sajuks earned 50 total points
ID: 11938641
From the manual,
The PHP directive magic_quotes_gpc is on by default, and it essentially runs addslashes() on all GET, POST, and COOKIE data. Do not use addslashes() on strings that have already been escaped with magic_quotes_gpc as you'll then do double escaping. The function get_magic_quotes_gpc() may come in handy for checking this.
0
 

Author Comment

by:abstractionz
ID: 11938658
So when a string is escaped, it won't be visible in the database? I.e., if I have magic_quotes enabled, in the database example\s will show as example\s, not example\\s
0
 

Author Comment

by:abstractionz
ID: 11938660
* I mean the extra slash won't be visible in the database
0
 
LVL 33

Expert Comment

by:sajuks
ID: 11938674
Right.
0
 
LVL 33

Expert Comment

by:sajuks
ID: 11938712
Thanks for the points and grade.
0
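
Why the printed value and the stored value differ, as an added example that is not part of the original thread: the slashes are escape characters that MySQL consumes while parsing the string literal, so they never reach the column. mysqlLiteralValue() is a hypothetical helper that models MySQL's backslash-escape decoding under the default sql_mode, addslashes() stands in for what magic_quotes_gpc did to $_POST, and the sample values are constructed.

```php
<?php
// Added illustration, not code from the thread.
// mysqlLiteralValue() is a hypothetical helper, not a PHP or MySQL API. It
// models how MySQL decodes backslash escapes inside a quoted string literal
// under the default sql_mode (NO_BACKSLASH_ESCAPES not set). $body is the
// text between the quotes; doubled quotes ('') are not modelled.
function mysqlLiteralValue(string $body): string
{
    $named = ['0' => "\0", 'b' => "\x08", 'n' => "\n",
              'r' => "\r", 't' => "\t", 'Z' => "\x1a"];
    $out = '';
    $len = strlen($body);
    for ($i = 0; $i < $len; $i++) {
        $c = $body[$i];
        if ($c !== '\\' || $i + 1 === $len) {
            $out .= $c;                       // ordinary character
            continue;
        }
        $next = $body[++$i];
        if ($next === '%' || $next === '_') {
            $out .= '\\' . $next;             // kept verbatim outside LIKE patterns
        } else {
            // \\ -> \, \' -> ', \" -> "; an unknown escape such as \s
            // just loses its backslash
            $out .= $named[$next] ?? $next;
        }
    }
    return $out;
}

// Constructed sample inputs, as the browser would send them.
$posted = ['example\s', "O'Reilly"];

foreach ($posted as $raw) {
    $escaped = addslashes($raw);   // what $_POST held with magic_quotes_gpc on
    printf("sent by browser : %s\n", $raw);
    printf("print \$_POST    : %s\n", $escaped);
    printf("stored (escaped): %s\n", mysqlLiteralValue($escaped));
    // Without any escaping the server would decode the raw text instead; a
    // raw quote would end the literal early, so only quote-free input is shown.
    if (strpbrk($raw, "'\"") === false) {
        printf("stored (raw)    : %s\n", mysqlLiteralValue($raw));
    }
    echo "\n";
}
```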
