On Wed, August 1, 2007 3:27 pm, Jay Blanchard wrote:
> [snip]
>
> $first = "'".addslashes($_POST['firstname'])."'";
> $last = "'".addslashes($_POST['lastname'])."'";
> $email = "'".addslashes($_POST['email'])."'";
> $address = "'".addslashes($_POST['address'])."'";
> $city
CK wrote:
Hi,
Engaged in "cleanup" project, attempting to understand the uncommented
decisions of predecessors. Inserting the following contact form values
into a DB:
$first = "'".addslashes($_POST['firstname'])."'";
$last = "'".addslashes($_POST['lastname'])."'";
$email = "'"
On Wed, 2007-08-01 at 13:20 -0700, CK wrote:
> Hi,
>
> Engaged in "cleanup" project, attempting to understand the
> uncommented decisions of predecessors. Inserting the following
> contact form values into a DB:
>
>
> $first = "'".addslashes($_POST['firstname'])."'";
> $last = "'
[snip]
$first = "'".addslashes($_POST['firstname'])."'";
$last = "'".addslashes($_POST['lastname'])."'";
$email = "'".addslashes($_POST['email'])."'";
$address = "'".addslashes($_POST['address'])."'";
$city = "'".addslashes($_POST['city'])."'";
$state = "'".addslashes
Hi,
Engaged in "cleanup" project, attempting to understand the
uncommented decisions of predecessors. Inserting the following
contact form values into a DB:
$first = "'".addslashes($_POST['firstname'])."'";
$last = "'".addslashes($_POST['lastname'])."'";
$email = "'".addslash
On Wed, Mar 29, 2006 at 05:32:25PM -0600, Chris Boget wrote:
> I totally blew past that part with the sybase because we aren't using
> sybase. I guess I should have paid more attention. I'm curious why that
> directive affects general PHP code and not just the sybase functions.
This is why mag
directive affects general PHP code and not just the
sybase functions.
Oh, well.
Thanks for the heads up.
thnx,
Chris
- Original Message - From: "Jasper Bryant-Greene" <[EMAIL PROTECTED]>
To: "Chris Boget" <[EMAIL PROTECTED]>
Cc: "PHP General&
al Message -
From: "Jasper Bryant-Greene" <[EMAIL PROTECTED]>
To: "Chris Boget" <[EMAIL PROTECTED]>
Cc: "PHP General"
Sent: Wednesday, March 29, 2006 5:29 PM
Subject: Re: [PHP] addslashes()
From http://php.net/addslashes :
"Having the PHP directi
From http://php.net/addslashes :
"Having the PHP directive magic_quotes_sybase set to on will mean ' is
instead escaped with another '."
Jasper
Chris Boget wrote:
Can someone explain something to me:
$string = "Bob's carwash's door";
echo 'addslashes(): ' . addslashes( $string ) . '
Can someone explain something to me:
$string = "Bob's carwash's door";
echo 'addslashes(): ' . addslashes( $string ) . '
';
echo 'mysql_escape_string(): ' . mysql_escape_string( $string ) . '
';
Outputs:
addslashes(): Bob''s carwash''s door
mysql_escape_string(): Bob\'s carwash\'s do
JM wrote:
Hi all,
Ok here is what I need help with:
$var = "i like fi'sh";
I'm able to addslashes(gather the data from a form), submit into the
database, stripslashes(retrieve it).
My problem is when I display it in a input type=text form the single
quote is causing a truncation.
will disp
JM wrote:
> Hi all,
> Ok here is what I need help with:
>
> $var = "i like fi'sh";
>
> I'm able to addslashes(gather the data from a form), submit into the
> database, stripslashes(retrieve it).
>
> My problem is when I display it in a input type=text form the single
> quote is causing a truncat
Hi all,
Ok here is what I need help with:
$var = "i like fi'sh";
I'm able to addslashes(gather the data from a form), submit into the
database, stripslashes(retrieve it).
My problem is when I display it in a input type=text form the single
quote is causing a truncation.
will display as:
i l
Hi,
First of, sorry for the attachment. It is a screenshot of the output of the
following code. It also shows the contents of the array data in question.
I have the following piece of actual code:
// $arrayData is the data in an array form
$arrayData = ArrayIzeDbResult( $db2 ) ;
// we want to
I'm confronted with a somewhat weird problem and hopefully someone can make a
suggestion. I have to perform the following 3-step task:
Step 1. Someone provides a string (let's call it the formatting string) which
contains a PHP expression, which will apply a PHP function on another string,
let's c
Chris Shiflett wrote:
--- Jough P <[EMAIL PROTECTED]> wrote:
My goal is to never have to use the addslashes() function. Any
suggestions?
There's probably nothing you can do about your Web host, but you can use
the fix_magic_quotes() function listed here:
http://phundamentals.nyphp.org/PH_storingr
--- Jough P <[EMAIL PROTECTED]> wrote:
> My goal is to never have to use the addslashes() function. Any
> suggestions?
There's probably nothing you can do about your Web host, but you can use
the fix_magic_quotes() function listed here:
http://phundamentals.nyphp.org/PH_storingretrieving.php
Ho
Greetings all,
I'm doing all my PHP development on my iBook running OS X. I'm
currently working on a messaging tool for a website. When the messages
are posted on my iBook the single quotes are escaped properly. When I
upload the same *.php files to the server the single quotes are
preceded
John W. Holmes wrote:
From: "Hardik Doshi" <[EMAIL PROTECTED]>
Currently i am using PEAR DB abstration layer. Which
function should i use to escape the ' character? There
are couple of functions in the PEAR DB documentation
so i don't know which one should i use.
I don't use PEAR DB, but it loo
From: "Hardik Doshi" <[EMAIL PROTECTED]>
> Currently i am using PEAR DB abstration layer. Which
> function should i use to escape the ' character? There
> are couple of functions in the PEAR DB documentation
> so i don't know which one should i use.
I don't use PEAR DB, but it looks like quoteSmar
Thank you John.
Currently i am using PEAR DB abstration layer. Which
function should i use to escape the ' character? There
are couple of functions in the PEAR DB documentation
so i don't know which one should i use.
Hardik
--- "John W. Holmes" <[EMAIL PROTECTED]> wrote:
> Richard Davey wrote:
Richard Davey wrote:
Does mysql_real_escape_string (or mysql_escape_string) do anything
extra that addslashes() doesn't? In the examples in the manual it is
just used to escape the ' character, but that is exactly what
addslashes() will do anyway.
real_escape_string() takes the current character s
Hi,
I just finished reading Chris Shiflett's article in this months php|a
about SQL injection and have a question I can't seem to find answered
anywhere:
Does mysql_real_escape_string (or mysql_escape_string) do anything
extra that addslashes() doesn't? In the examples in the manual it is
just us
On 28 January 2004 12:31, Will wrote:
> I'm a little confused with these functions. How I here you
> ask. Well I thought I understood what they were for:
> Escaping characters that might cause a problem when you enter
> your data into a database query. i.e. \ ' "
>
> Anyway what is confusing me i
Hello Will,
On 28 Jan 2004 at 12:31, Will wrote:
> However recently I encrypted some data which I stored in the database.
> The string contained a \ which I added slashes to when entered in to
> the database. But as the database appears to strips the first slash
> off the double slash automatical
Will wrote:
I'm a little confused with these functions. How I here you ask. Well I
thought I understood what they were for:
Escaping characters that might cause a problem when you enter your data
into a database query. i.e. \ ' "
Anyway what is confusing me is, say I have a string which contai
I’m a little confused with these functions. How I here
you ask. Well I thought I understood what they were for:
Escaping characters that might cause
a problem when you enter your data into a database query. i.e. \ ‘ “
Anyway what is confusing me is, say I have a string which contains
Hello João,
On 15 Jan 2004 at 17:07, João Cândido de Souza Neto wrote:
> I'm using str_replace("\r\n","\\r\\n",addslashes($campo)) to add "\" in
> mysql data to send to javascript variable.
>
> Running in my machine with win xp + iis it's all ok, but in server with
> linux + apache, the javascri
Send us the resulting javascript code.
João Cândido de Souza Neto wrote:
Hello to all.
I'm using str_replace("\r\n","\\r\\n",addslashes($campo)) to add "\" in
mysql data to send to javascript variable.
Running in my machine with win xp + iis it's all ok, but in server with
linux + apache, the jav
Hello to all.
I'm using str_replace("\r\n","\\r\\n",addslashes($campo)) to add "\" in
mysql data to send to javascript variable.
Running in my machine with win xp + iis it's all ok, but in server with
linux + apache, the javascript variable no have "\" causing error in my
script.
Anybody know ho
Hello to all.
I'm using str_replace("\r\n","\\r\\n",addslashes($campo)) to add "\" in
mysql data to send to javascript variable.
Running in my machine with win xp + iis it's all ok, but in server with
linux + apache, the javascript variable no have "\" causing error in my
script.
Anybody know ho
On Monday 12 January 2004 13:25, Ryan A wrote:
> > addslashes() _enables_ you to enter stuff which contains
> >quotes into the DB properly, but the slashes are obviously not part of the
> >data and hence not stored.
>
> *
> but the whole sql statement is part of the data right? I mean I am saving
Hi,
Thanks for replying.
*
> addslashes() _enables_ you to enter stuff which contains
>quotes into the DB properly, but the slashes are obviously not part of the
>data and hence not stored.
*
but the whole sql statement is part of the data right? I mean I am saving
the whole
sql statement for late
On Monday 12 January 2004 12:31, Ryan A wrote:
> I am getting some input from a client in a text area, the input is an sql
> statement, so I am using addslashes but the damn thing is not working...any
> idea why?
>
> Heres my code:
>
> if(isset($_POST['the_sql_command']))
> {
> $the_sql_command=
Hi,
I am getting some input from a client in a text area, the input is an sql
statement, so I am using addslashes but the damn thing is not working...any
idea why?
Heres my code:
if(isset($_POST['the_sql_command']))
{
$the_sql_command=$_POST['the_sql_command'];
$the_sql_command=addslashes($the
From: "Cesar Cordovez" <[EMAIL PROTECTED]>
> Is it just me or addslahes truncates the result to 65535 chars? Any
> comments? Or can it be that a blob field in a MySQL database is just
> 65535 chars, I don't think so...
Think again...
BLOB, TEXT L+2 bytes, where L < 2^16
MEDIUMB
Hi.
Turns out that addslashes is not guilty of truncating it's result.
Marek is right here. Changed the type of the field from BLOB to
LONGBLOB and everything works great!
Thanks!
Marek Kilimajer wrote:
Cesar Cordovez wrote:
HI!
Is it just me or addslahes truncates the result to 65535 chars
Cesar Cordovez wrote:
HI!
Is it just me or addslahes truncates the result to 65535 chars? Any
comments? Or can it be that a blob field in a MySQL database is just
65535 chars, I don't think so...
Cesar.
BLOB is just 65535 chars. Use MEDIUMBLOB (2^24 bytes) or LONGBLOB (2^32
bytes). Also tex
HI!
Is it just me or addslahes truncates the result to 65535 chars? Any
comments? Or can it be that a blob field in a MySQL database is just
65535 chars, I don't think so...
Cesar.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
I think always using addslashes is better because you have to write
clean cide instead of trusting in a funktion which can be disabled on
some servers.
To avoid double-escaping I use this code:
function stripslashes_array($array) {
reset($array);
while(list($key,$val)=each($array)) {
if(is_
If you are doing both addslashes() and have magic_quotes_gpc turned on,
then yes, you are double-escaping things.
>From a performance-perspective I doubt you could measure much difference,
but I suppose doing it through magic_quotes_gpc would be faster assuming
you need to escape all your GPC d
If you have magic_quotes_gpc = On in your php.ini file, which it is by
default, does one still need to have the addslashes function in their
coding?
When I'm inserting into my database, I have addslashes in place, and I
haven't change the default value of magic_quotes_qpc = On. I havn't
seen any s
Brad Pauly wrote:
CF High wrote:
why does PHP add 3 slashes to the following var:
$apostrophe = "I've got an apostrophe";
$slashed = addslashes($apostrophe);
echo $slashed;
Result: I\\\'ve got an apostrophe.
What's up with that -- why not just add a single backslash?
Do you have gpc_magic_
CF High wrote:
why does PHP add 3 slashes to the following var:
$apostrophe = "I've got an apostrophe";
$slashed = addslashes($apostrophe);
echo $slashed;
Result: I\\\'ve got an apostrophe.
What's up with that -- why not just add a single backslash?
Do you have gpc_magic_quotes enabled?
- Br
WFM.
Is $apostrophe from a REQUEST variable. Then it already is addslashed,
as your magic_quotes_gpc is on in php.ini.
CF High wrote:
Hey All.
Simple ?
why does PHP add 3 slashes to the following var:
$apostrophe = "I've got an apostrophe";
$slashed = addslashes($apostrophe);
echo $slashed
Hey All.
Simple ?
why does PHP add 3 slashes to the following var:
$apostrophe = "I've got an apostrophe";
$slashed = addslashes($apostrophe);
echo $slashed;
Result: I\\\'ve got an apostrophe.
What's up with that -- why not just add a single backslash?
--Noah
--
--
PHP General Mailing Li
well Allen' <[EMAIL PROTECTED]>
> Cc: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> Subject: RE: [PHP] Addslashes problem (MSSQL)
>
>
> What do you mean by "It escapes single quotes with single quotes."?
>
> so let's say my $co
Kelvin,
This link should be helpful:
http://www.mysql.com/doc/en/String_syntax.html
Regards,
Michael Egan
-Original Message-
From: Poon, Kelvin (Infomart) [mailto:[EMAIL PROTECTED]
Sent: 20 March 2003 16:21
To: 'Lowell Allen'
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP] Addslash
IL PROTECTED]
Sent: Thursday, March 20, 2003 11:20 AM
To: PHP
Subject: Re: [PHP] Addslashes problem (MSSQL)
MS-SQL doesn't escape with slashes. It escapes single quotes with single
quotes.
--
Lowell Allen
> From: "Poon, Kelvin (Infomart)" <[EMAIL PROTECTED]>
>
MS-SQL doesn't escape with slashes. It escapes single quotes with single
quotes.
--
Lowell Allen
> From: "Poon, Kelvin (Infomart)" <[EMAIL PROTECTED]>
> Date: Thu, 20 Mar 2003 10:58:02 -0500
> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]
Hi,
I have a problem that lets you add a record to a database. THere is a
problem with it, and the following is the area of the program where it has
problem.
$created_date = date('m, d, Y');
$title = strip_tags($title);
$keywords = strip_tags($keywords);
$c
why not try it and let us know.
--- Jean-Christian Imbeault <[EMAIL PROTECTED]>
wrote:
> Is addslashes() multi-byte safe?
>
> I will bu sing it to escape multi-byte input and
> wouldn't want it to
> mangle anything...
>
> Thanks,
>
> Jc
>
>
> --
> PHP General Mailing List (http://www.php.net
Is addslashes() multi-byte safe?
I will bu sing it to escape multi-byte input and wouldn't want it to
mangle anything...
Thanks,
Jc
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
thanks guys, got it working now. Removed Addslashes and it works fine.
1lt John W. Holmes wrote:
>> I am trying to develop a search for my database.
>>
>> I used addslashes when entering the data, and then use addslashes with
>> the search but nothing comes up:
>>
>> Select * from tblContacts,
> I am trying to develop a search for my database.
>
> I used addslashes when entering the data, and then use addslashes with the
> search but nothing comes up:
>
> Select * from tblContacts, tblCountries WHERE
> (tblContacts.CountryCode=tblCountries.CountryID) AND (Organization LIKE
> '%o\'mallies
t;
To: <[EMAIL PROTECTED]>
Sent: Tuesday, November 05, 2002 9:25 AM
Subject: [PHP] addslashes/stripslashes
Hey,
I am trying to develop a search for my database.
I used addslashes when entering the data, and then use addslashes with the
search but nothing comes up:
Select *
Original Message-
From: Paul Dionne [mailto:PDionne@;Speakeasy.net]
Sent: Tuesday, November 05, 2002 5:26 PM
To: [EMAIL PROTECTED]
Subject: [PHP] addslashes/stripslashes
Hey,
I am trying to develop a search for my database.
I used addslashes when entering the data, and then use addslashe
Hey,
I am trying to develop a search for my database.
I used addslashes when entering the data, and then use addslashes with the
search but nothing comes up:
Select * from tblContacts, tblCountries WHERE
(tblContacts.CountryCode=tblCountries.CountryID) AND (Organization LIKE
'%o\'mallies%' )
No, nothing has changed in recent memory with respect to this.
On Wed, 2 Oct 2002, Anil Garg wrote:
> Hi,
>
> Is it so that in php 4.2.3 we have to do both..."addslashes" and
> "removeslashes" ?? coz in one of the older versions the things are goin fine
> without using "removeslashes" but it do
Hi,
Is it so that in php 4.2.3 we have to do both..."addslashes" and
"removeslashes" ?? coz in one of the older versions the things are goin fine
without using "removeslashes" but it doesnet seem to be the case in
php4.2.2.
thanx and regards
anil
--
PHP General Mailing List (http://www.php.n
on 01/09/02 10:23 PM, cLeAnEr ([EMAIL PROTECTED]) wrote:
> Hi.
> I have recently started prograemming some php. Now I wonder exactly what
> addslashes() is good for...
> I´ve read about it that it insert slashes where needed to get data in right
> form to Mysql? and then use stripeslashes() to re
Hi.
I have recently started prograemming some php. Now I wonder exactly what
addslashes() is good for...
I´ve read about it that it insert slashes where needed to get data in right
form to Mysql? and then use stripeslashes() to remove slashes when reciving
data out of database?
And I´ve also got
> -Original Message-
> From: ed [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 14, 2002 1:48 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] addslashes() and stripslashes()
>
>
> Is it a good idea to always use addslashes() on a
> value gathered from a t
Is it a good idea to always use addslashes() on a
value gathered from a text field or textarea?
If you use addslashes() to "INSERT" the stuff into a
db, should you always use stripslashes() when you
"SELECT" it from the database?
tia,
--ed
__
Do
On Saturday 22 June 2002 07:42, Chris Shiflett wrote:
> PHP is probably escaping the single quotes for you:
>
> it's -> it\'s
>
> When addslashes() is applied to this, both the backslash character and
> the single quote are escaped:
>
> \ -> \\
> ' -> \'
>
> The result is what you see:
>
> it\'s -
PHP is probably escaping the single quotes for you:
it's -> it\'s
When addslashes() is applied to this, both the backslash character and
the single quote are escaped:
\ -> \\
' -> \'
The result is what you see:
it\'s -> it\\\'s
If you strip slashes twice, you'll be back to normal.
Chris
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
* and then OMAR IGNACIO CAMPOS GALAN declared
> When I use addslashes to add a back slash to a single quote, it returns 3
> back slashes (example: 'it\\\'s'. Is that correct? Am I doing something
> wrong?
You're doing something wrong ;-)
I'll be
When I use addslashes to add a back slash to a single quote, it returns 3
back slashes (example: 'it\\\'s'. Is that correct? Am I doing something
wrong?
Thank you
Omar Campos Galán
Desarrollo de Formas Electrónicas
CompuSoluciones
Tel. (0133) 3818-1554 Fax (0133) 3818-1599
www.compusoluciones.c
Can you put things in standard quotes? "'Aimburu"
> -Original Message-
> From: andy [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 11, 2002 12:44 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: [PHP] addslashes for db search?
>
>
>
Hi there,
I have some db records starting with a ' E.g: 'Aimburu
Now I am wondering how to retrieve this records. without a addslashes it
returns an error. So I did add a slash, but then it does not find this
record.
I tryed this query:
...like '\'Aimburu %' ...
Do I have to change this db e
Hi there,
I am wondering how to make my application more secure.
No I was reading in a mysql book, that chars like ' are bad for db
PHP provides the function addslashes. Is this the way to check for bad
entries a user provides? What happens
if a hacker tryes to delete my db entries with a input
At 10:43 AM 1/18/2002 -0600, Gonzalez, Zara E wrote:
>Now I am using MSSQL via freetds and since the commands for MSSQL and
>Sybase are
>basically identical as far as php is concerned, I am assuming that I have
>to use
>the "sybase method" to escape quotes. However, I can't seem to figure out
>
Hi all,
I am having a problem with one of my forms. I was testing to see if it would
except data with apostrophes, and it doesn't. I thought maybe I had forgotten to
addslashes to the variables...but I had the addslashes in my code...
I was reading the manual page about addslashes to see if mayb
--On Monday, November 26, 2001 04:47:35 PM -0800 Scott Aikin
<[EMAIL PROTECTED]> wrote:
> I've come across a strange problem working backwards with stripslashes
> after running addslashes. I take a string like:
>
> "\t\4"
>
> and run it through addslashes, the result is:
>
> \\t\\4
>
> After gr
I've come across a strange problem working backwards with stripslashes after running
addslashes. I take a string like:
"\t\4"
and run it through addslashes, the result is:
\\t\\4
After grabbing this data from the database and running 'stripslashes', the data comes
out as:
"\t"
without the
76 808300
>
>
>
> >From: Rasmus Lerdorf <[EMAIL PROTECTED]>
> >To: Caleb Carvalho <[EMAIL PROTECTED]>
> >CC: <[EMAIL PROTECTED]>
> >Subject: Re: [PHP] addslashes q's
> >Date: Wed, 3 Oct 2001 09:15:49 -0700 (PDT)
> >
> > > after e
-
Mercury Interactive
410 Frimley Business Park
Frimley, Surrey. GU16 7ST
United Kingdom
Telephone : +44 (0)1276 808300
>From: Rasmus Lerdorf <[EMAIL PROTECTED]>
>To: Caleb Carvalho <[EMAIL PROTECTED]>
>CC: <[EMAIL PROTECTED]>
>Sub
> after enabling magic quotes with sybase,
> now, i don't even need to addslashes..
> the only problem is that is adding " quote when i say won't it adds won''t
>
> does any one know why?
Because that is how a ' is supposed to be escaped in Sybase.
-Rasmus
--
PHP General Mailing List (http://
after enabling magic quotes with sybase,
now, i don't even need to addslashes..
the only problem is that is adding " quote when i say won't it adds won''t
does any one know why?
thanks a lot
Caleb Carvalho
Application Engineer
LoadRunner/APM
-
maybe i don't undestand correctly but try:
$string = str_replace("","\\n",$string);
i.e escape the escape character \\n
- Original Message -
From: "Chad Day" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, July 06, 2001 4:38 PM
I have to use addslashes on a string of mine so I can use it in a javascript
function, so that when a link is clicked, a html textarea box is populated
with that string.
The problem I have is that if there are line breaks in the string, the
's seem to get created when addslashes is run on the str
Jeff, here's what I do:
1. set magic_quotes_gpc On in php.ini
* this will automatically quote all GET, POST, and COOKIE
variables - read up on magic_quotes_gpc.
2. at the top of each script, stripslashes all the COOKIE, GET,
and POST variables, since they will have been
This seems to be more of a HTML problem.
Form fields simply can´t print out ". You need to change the " to " in
order for it to appear.
This can be done using the function htmlspecialchars():
http://www.php.net/manual/en/function.htmlspecialchars.php
In your case:
">
You can test these two thing
I have a form to modify a record in a MySQL database.
The record contains this:
3" Brush
The code in question is like this:
while ($row = mysql_fetch_array($result)) {
$desc1 = $row['desc1'];
--
">
I've tried using addslashes to the variable in various ways and it
always returns:
3\
This is the source of your problems.
Use HTMLEntities() or URLEncode() or something before you try to put your
string in that.
--
Visit the Zend Store at http://www.zend.com/store/
Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.
I'm having some problems with using addslashes($string) for preparing a text blob for
a MySQL database. The $string can have single or double quotes in it, and depending on
how I pass it on to the insert, it seems to work only for either single or double, but
not for both.
Input can be:
86 matches
Mail list logo
