Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 249
  • Last Modified:

Magic Quotes

magic_quotes_gpc is turned on.

when i print a variable from $_POST the slashes are added.

however, when i insert that same variable into a mysql database the slashes aren't added.

why does this happen?

e.g.

$value =  $_POST['value'];
print $value;  //slashes are there

$query = "INSERT INTO test VALUES(\"$value\")";  //slashes aren't there in the database
0
abstractionz
Asked:
abstractionz
  • 6
  • 4
1 Solution
 
sajuksCommented:
//Try this
$value =  $_POST['value'];
$value  = addslashes($value );
"INSERT INTO test   VALUES ('$value  )";

//a better way would be
function CheckSlash($string) {
if (!magic_quotes_gpc()) {
$string = addslashes($string);
}

return $string;
}

$mydata = CheckSlash($mydata);
$query = @mysql_query("INSERT INTO table (column1) VALUES ('$mydata')", $connection)
or die ("Some error");
0
 
abstractionzAuthor Commented:
i thought magic_quotes_gpc were supposed to add the slashes automatically.
0
 
sajuksCommented:
addslashes() is not necessary if magic_quotes_gpc is on.
Thats what my function CheckSlash was doing. if on dont addslashes else call addslashes.
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
abstractionzAuthor Commented:
ok let's assume i POST the following value:  example\s

it gets stored in the database as example\s not example\\s



0
 
sajuksCommented:
0
 
sajuksCommented:
From the manual,
The PHP directive magic_quotes_gpc is on by default, and it essentially runs addslashes() on all GET, POST, and COOKIE data. Do not use addslashes() on strings that have already been escaped with magic_quotes_gpc as you'll then do double escaping. The function get_magic_quotes_gpc() may come in handy for checking this.
0
 
abstractionzAuthor Commented:
So when a string is escaped, it won't be visible in the database?  ie  If I have magic_quotes enabled   in the database example\s   will show as example\s, not example\\s
0
 
abstractionzAuthor Commented:
*  I mean the extra slash won't be visible in the database
0
 
sajuksCommented:
Rite.
0
 
sajuksCommented:
Thnaks for the points and grade.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now