Magic Quotes

magic_quotes_gpc is turned on.

When I print a variable from $_POST the slashes are added.

However, when I insert that same variable into a MySQL database the slashes aren't added.

Why does this happen?

E.g.

$value =  $_POST['value'];
print $value;  //slashes are there

$query = "INSERT INTO test VALUES(\"$value\")";  //slashes aren't there in the database
Asked by: abstractionz

sajuks commented:
From the manual,
The PHP directive magic_quotes_gpc is on by default, and it essentially runs addslashes() on all GET, POST, and COOKIE data. Do not use addslashes() on strings that have already been escaped with magic_quotes_gpc as you'll then do double escaping. The function get_magic_quotes_gpc() may come in handy for checking this.

sajuks commented:
//Try this
$value = $_POST['value'];
$value = addslashes($value);
$query = "INSERT INTO test VALUES ('$value')";

//a better way would be
function CheckSlash($string) {
    // Escape only if magic_quotes_gpc has not already done so
    if (!get_magic_quotes_gpc()) {
        $string = addslashes($string);
    }

    return $string;
}

$mydata = CheckSlash($mydata);
$query = @mysql_query("INSERT INTO table (column1) VALUES ('$mydata')", $connection)
    or die ("Some error");

abstractionz (author) commented:
I thought magic_quotes_gpc was supposed to add the slashes automatically.

sajuks commented:
addslashes() is not necessary if magic_quotes_gpc is on.
That's what my function CheckSlash was doing: if on, don't addslashes, else call addslashes.

abstractionz (author) commented:
OK, let's assume I POST the following value:  example\s

it gets stored in the database as example\s not example\\s



sajuks commented:

abstractionz (author) commented:
So when a string is escaped, it won't be visible in the database? I.e., if I have magic_quotes enabled, in the database example\s will show as example\s, not example\\s

abstractionz (author) commented:
* I mean the extra slash won't be visible in the database

sajuks commented:
Right.

sajuks commented:
Thanks for the points and grade.
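
Added example, not part of the thread and not any poster's code: it traces the value from the question through the escaping step and the SQL parser, then stores the same value through a bound parameter for comparison. Assumptions: addslashes() stands in for magic_quotes_gpc (which the manual text quoted above says essentially ran addslashes()), mysql_literal_value() is a hypothetical, simplified model of MySQL's default string-literal parsing, and an in-memory SQLite database via PDO stands in for the real server on the bound-parameter path.

```php
<?php
// Added example, not code from the thread. Needs the pdo_sqlite extension.

// Simplified model (assumption) of how MySQL, in its default SQL mode, reads the
// inside of a quoted string literal: a backslash is dropped and the character
// after it is taken literally or mapped to a control character.
// The special handling of \% and \_ is omitted.
function mysql_literal_value(string $literal): string
{
    $map = ['0' => "\0", 'n' => "\n", 'r' => "\r", 't' => "\t", 'b' => "\x08", 'Z' => "\x1a"];
    $out = '';
    for ($i = 0, $n = strlen($literal); $i < $n; $i++) {
        if ($literal[$i] === '\\' && $i + 1 < $n) {
            $next = $literal[++$i];
            $out .= $map[$next] ?? $next;   // unknown escape such as \s: backslash dropped
        } else {
            $out .= $literal[$i];
        }
    }
    return $out;
}

$pdo = new PDO('sqlite::memory:');          // stand-in database for the bound-parameter path
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE test (value TEXT)');
$insert = $pdo->prepare('INSERT INTO test (value) VALUES (?)');

foreach (['example\s', "O'Reilly"] as $raw) {   // constructed sample inputs
    // What print $_POST['value'] showed with magic quotes on: the escaped form.
    $escaped = addslashes($raw);

    // Inside the SQL literal the parser consumes the escapes again, so the row
    // holds the original text, without the extra backslashes.
    $storedEscaped = mysql_literal_value($escaped);

    // Bound parameter: the value never passes through the SQL parser, so no
    // escaping step is needed at all.
    $insert->execute([$raw]);
    $storedBound = $pdo->query('SELECT value FROM test ORDER BY rowid DESC LIMIT 1')->fetchColumn();

    printf("typed: %s | printed: %s | stored via literal: %s | stored via bound parameter: %s\n",
        $raw, $escaped, $storedEscaped, $storedBound);
}
```

The escaping exists only to get the value safely through the SQL parser, which is why the extra backslash shows up in print output but not in the stored row. With bound parameters the value is sent separately from the SQL text, so the result does not depend on whether magic_quotes_gpc is on.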