I have an access as root user to the server and it shouldn't be a problem
to turn Off magic quote, but I really CANNOT do it right now because, as I
said earlier, just put live our new (pretty big) web site and there is no
chance to put it again "under construction" for a next couple of weeks
(red
Yesterday I read this discussion and looked at php manual for
mysql_real_escape... There is good example with extra function to check php
magic quotes status. I like the idea, because the code is more portable. You
don't have to add .htaccess files nor configure php..
Beginner Mindaugas
On 5/24/
At 8:14 PM +0200 5/24/06, [EMAIL PROTECTED] wrote:
if magic_quotes_gpc is On, does it add slashes in front of quotes when
submit through form?
Mean, if I submit in input form (text) afan's "crazy" web, after
echo $_POST['record'];
I'll get afan\'s \"crazy\" web. Is this because of magic_quotes_gpc
On 5/24/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
if magic_quotes_gpc is On, does it add slashes in front of quotes when
submit through form?
Mean, if I submit in input form (text) afan's "crazy" web, after
echo $_POST['record'];
I'll get afan\'s \"crazy\" web. Is this because of magic_quo
if magic_quotes_gpc is On, does it add slashes in front of quotes when
submit through form?
Mean, if I submit in input form (text) afan's "crazy" web, after
echo $_POST['record'];
I'll get afan\'s \"crazy\" web. Is this because of magic_quotes_gpc is On?
-afan
> Security wise, it is best to turn
Ok. Looks like I DID miss the point :)
I thought that with mysql_real_escape_string() HAVE TO add slash in front
of a quote and THAT's filtering.
:(
Ok. slash SHOULDN'T be in DB!
:)
>> But, also, I thought, mysql_real_escape_string() is "filter" for
>> everything, e.g. lets have three links (ad
But, also, I thought, mysql_real_escape_string() is "filter" for
everything, e.g. lets have three links (add, delete, edit) as
Add new
Edit
Delete
and was doing this way:
#index.php
it means that $action I will never store in DB, neither show on screen. I
then wrong to
$action = mysql_real_escap
in your php.ini file what is the value of:
magic_quotes_gpc?
(hint: should be off, if it is on, then you are add slashes twice...)
-Brad
[EMAIL PROTECTED] wrote:
ok. I just made one test and if you can then explain something to me:
I entered in form (textarea)
afan's "crazy" web
and stored in d
[EMAIL PROTECTED] wrote:
ok. I just made one test and if you can then explain something to me:
I entered in form (textarea)
afan's "crazy" web
and stored in db using mysql_real_escape_string().
in DB, it's stored with slashes:
afan\'s \"crazy\" web
Then I pulled that from DB on three different w
ok. I just made one test and if you can then explain something to me:
I entered in form (textarea)
afan's "crazy" web
and stored in db using mysql_real_escape_string().
in DB, it's stored with slashes:
afan\'s \"crazy\" web
Then I pulled that from DB on three different ways:
$query = mysql_query("
[EMAIL PROTECTED] wrote:
after these very helpful comments, I read (again) Shiflett's (and few
others) Security articles about filtering input and output. And more I
read - less is clear :(
Before, I used addslashes() before I insert data in database and stripslashes()
to show them on screen.
Later
after these very helpful comments, I read (again) Shiflett's (and few
others) Security articles about filtering input and output. And more I
read - less is clear :(
Before, I used addslashes() before I insert data in database and stripslashes()
to show them on screen.
Later found it's not good and sta
On Mon, 22 May 2006, Richard Lynch wrote:
On Mon, May 22, 2006 11:25 am, [EMAIL PROTECTED] wrote:
After the form is submitted, some fields are filled with single and/or
double quote info (like: 1'2"x2'4", or sky's blue, or "cool" stuff).
I validate what I got using mysql_real_escape_string() an
On Mon, 22 May 2006, John Nichel wrote:
Brad Bonkoski wrote:
Looks good to me, just make sure you use:
http://www.php.net/manual/en/function.stripslashes.php
if you have to dump that information back to the users.
(you might want to check out: addslashes() to add the slashes before your
DB ins
On Mon, May 22, 2006 3:05 pm, Brad Bonkoski wrote:
> So, when the magic_quotes goes away in future version, will
> stripslashes() also go away?
Probably not right away...
Some folks are bound to have a zillion records in their database that
already got inserted with TWO calls to
addslashes/Magic_
Richard Lynch wrote:
On Mon, May 22, 2006 11:37 am, Brad Bonkoski wrote:
http://www.php.net/manual/en/function.stripslashes.php
if you have to dump that information back to the users.
If you are using http://php.net/stripslashes on data coming out of
your database, you are DEFINITEL
On Mon, May 22, 2006 11:37 am, Brad Bonkoski wrote:
> http://www.php.net/manual/en/function.stripslashes.php
> if you have to dump that information back to the users.
If you are using http://php.net/stripslashes on data coming out of
your database, you are DEFINITELY doing something wrong acquirin
On Mon, May 22, 2006 11:25 am, [EMAIL PROTECTED] wrote:
> After the form is submitted, some fields are filled with single and/or
> double quote info (like: 1'2"x2'4", or sky's blue, or "cool" stuff).
> I validate what I got using mysql_real_escape_string() and then store
> the
> result in MySQL. An
On 22 May 2006 17:37, Brad Bonkoski wrote:
> Looks good to me, just make sure you use:
> http://www.php.net/manual/en/function.stripslashes.php
> if you have to dump that information back to the users.
> (you might want to check out: addslashes() to add the slashes before
> your DB insert, just to
Brad Bonkoski wrote:
Looks good to me, just make sure you use:
http://www.php.net/manual/en/function.stripslashes.php
this is bad advice...
if you have to dump that information back to the users.
(you might want to check out: addslashes() to add the slashes before
having to use stripslashe
Brad Bonkoski wrote:
Looks good to me, just make sure you use:
http://www.php.net/manual/en/function.stripslashes.php
if you have to dump that information back to the users.
(you might want to check out: addslashes() to add the slashes before
your DB insert, just to keep those things under your
On 5/22/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Hi to all!
After the form is submitted, some fields are filled with single and/or
double quote info (like: 1'2"x2'4", or sky's blue, or "cool" stuff).
I validate what I got using mysql_real_escape_string() and then store the
result in MySQL
Looks good to me, just make sure you use:
http://www.php.net/manual/en/function.stripslashes.php
if you have to dump that information back to the users.
(you might want to check out: addslashes() to add the slashes before
your DB insert, just to keep those things under your command)
-Brad
[EMAI
Hi to all!
After the form is submitted, some fields are filled with single and/or
double quote info (like: 1'2"x2'4", or sky's blue, or "cool" stuff).
I validate what I got using mysql_real_escape_string() and then store the
result in MySQL. And, it will be stored as:1\'2\"x2\'4\", and sky\'s blue,
24 matches