Panquekas wrote:
> Hello,
> 
> I just want to ask if when I have the magic_quotes_gpc ON and use the
> preg_quote is there a problem? One doesn't eliminate the other or does it?

magic_quotes_gpc sucks - I recommend turning it off, for portability (when
you're running on a machine with magic_quotes_gpc on, you could consider a
bit of code that conditionally undoes the addslashes).

> 
> Anyway, I'm trying to insert values to the database in a secure way.. by
> checking the special chars (with preg_quote), htmlentities is this a good
> policy?

bad bad bad.
preg_quote is specifically for escaping strings you intend to use inside a
regular expression that you feed to one of the preg_*() functions, its
purpose is to make it easy for you to use strings that may contain
characters that have special meaning to preg_*() in situations where you
want the literal character to be used as part of the assertion.

let's assume your database is mysql, then you should be using
mysql_real_escape_string() to escape data that will become part of your SQL
queries ... the fact that magic_quotes_gpc is on will make this more
problematic because you really want to get rid of the automatically added
slashes because otherwise you'll end up with slashes in text that has been
entered into your database that were actually meant to be escape characters.

I hope that is a little clear, probably not heh! anyway go have a read and a
play with mysql_real_escape_string() and do a bit of research about
magic_quotes_gpc and see how far you get ... you can always come back here
if your head starts to spin.

> 
> Thanks in advance.
> 
> PS: Sorry my english, I'm a little rusted :)

we recommend Rusteze(r) medicated bumper ointment, "you too could look like
me, kachow!"

(that comment couldn't be helped, I've watched 'Cars', the movie, about 300
times)

> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
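
The two points made in the reply above, as an added example that is not part of the original message: preg_quote() leaves the single quote alone, and escaping request data without first undoing magic_quotes_gpc stores a stray backslash. So that it runs offline, addslashes() stands in for both magic_quotes_gpc and mysql_real_escape_string(), stripslashes() stands in for the server reading the string literal, and the function names and sample string are assumptions.

```php
<?php
// Constructed sample: what a user typed into a form field.
$typed = "O'Reilly (c++)";

// preg_quote() escapes regex metacharacters only; the single quote that
// matters inside an SQL string literal is left untouched.
$regexQuoted = preg_quote($typed);

// Simulate magic_quotes_gpc = On, which ran addslashes() on request data.
$fromRequest = addslashes($typed);

// Conditionally undo the automatic slashes. On legacy PHP the flag would
// come from get_magic_quotes_gpc(); here it is passed in (assumption).
function undo_magic_quotes($value, $magicQuotesOn)
{
    if (!$magicQuotesOn) {
        return $value;
    }
    if (is_array($value)) {
        $out = array();
        foreach ($value as $key => $item) {
            $out[$key] = undo_magic_quotes($item, $magicQuotesOn);
        }
        return $out;
    }
    return stripslashes($value);
}

// Offline stand-ins (assumptions): addslashes() plays the role of
// mysql_real_escape_string(), which needs a live connection, and
// stripslashes() plays the server unescaping the string literal.
function stored_value($input)
{
    $literal = addslashes($input);   // what goes between the quotes in SQL
    return stripslashes($literal);   // what ends up in the column
}

echo "preg_quote:   ", $regexQuoted, "\n";
echo "not undone:   ", stored_value($fromRequest), "\n";
echo "undone first: ", stored_value(undo_magic_quotes($fromRequest, true)), "\n";
```

The "not undone" line carries a backslash before the quote, which is the slash in stored text that the reply warns about.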