turn of magic quotes or test for it before using addslashes
Bastien
From: "Petzo" <[EMAIL PROTECTED]> To: [email protected] Subject: [PHP-DB] addslashes + stripslashes + mysql question Date: Mon, 16 May 2005 11:20:41 +0300
Hi,
My question is about the norlmal behaviour of PHP and MYSQL but I cant explain it without a simple example. Thank you for reading:
I have the following code: -------------------------------------------------------------------- <?php print $t = $_POST['txt']; print $t = addslashes($t);
@ $db = mysql_pconnect(xxx,xxx,xxx); mysql_select_db('test');
$q = "update ttable set ffield='$t'"; mysql_query($q);
$q = "select * from ttable"; $result = mysql_query($q); $bo = mysql_fetch_array($result);
print $t = $bo['ffield']; print $t = stripslashes($t); ?> --------------------------------------------------------------------
from a HTML form I send variable: -------------------------------------------------------------------- ' \ \' \\ \\\ --------------------------------------------------------------------
after addshashes it becomes: -------------------------------------------------------------------- \' \\ \\\' \\\\ \\\\\\ --------------------------------------------------------------------
after that it gets in the database
but after I get it out it becomes: -------------------------------------------------------------------- ' \ \' \\ \\\ -------------------------------------------------------------------- (without the backslashes!)
and ofcourse after stripslashes it gets messed-up: -------------------------------------------------------------------- ' ' \ \ --------------------------------------------------------------------
So my question is if this is a normal behaviour for PHP+MYSQL or it may vary
indifferent conficurations or versions of both php or mysql.
It's not a bad thing to be like that but I wonder if my code will behave the
same at most systems.
Thank you very much
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
