----- Original Message ----- 
From: "Marcus James Christian" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 27, 2001 6:18 AM
Subject: [PHP] Filtering out \ when a ' is user entered?


> Hello,
> 
> I'm pretty new to PHP but all I've seen of it so far I pretty much love!
> 
> I've built a web log, but when the user enters their data and they use '
> or " (and you know they will), PHP always shows it from the included
> web log as
> 
> \'  How can I filter out these backslashes so they don't appear on the
> final public viewable page?
> 
> Thanks,
> Marcus
> 
> --
> Marcus James Christian - UNLIMITED -
> Multimedia Internet Design
> http://mjchristianunlimited.com


You can use stripslashes($yourvar) for this.

You can turn this behavior off by setting magic_quotes_gpc to 
off in php.ini. Please note that if you try to insert these values into 
a database without the slashes, your queries will break, and they'll
become security breaches.

Think about this:

$query = "select * from users where username='$u_name'";

and the user enters into the $u_name field:
' and '1'='1

Ouch...

However, if those dashes were escaped with slashes, the query 
will execute and return no values.


Never trust input from users, always check it.
--
Meir Kriheli
MKsoft computer systems

  'There's someone in my head but it's not me" - Pink Floyd
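The two sides of the reply above, display versus database, in one runnable script. This is an added example, not code from either poster: it assumes PHP 7 or later with the PDO SQLite driver, builds an in-memory `users` table, and uses `addslashes()` to imitate what `magic_quotes_gpc` did to POST data (the directive itself was removed in PHP 5.4). It goes a step beyond the thread by showing that a bound parameter, rather than slashes, is what keeps the database query intact. The helper names (`imitate_magic_quotes`, `for_display`, `find_user`, `find_user_unsafe`) are my own.

```php
<?php
// Added example, not from the original thread. Assumes PHP >= 7 with PDO SQLite.
// The database rows and the two inputs below are constructed for the demo.

// Imitates magic_quotes_gpc: a backslash is put before every quote in POST data.
function imitate_magic_quotes(string $raw): string {
    return addslashes($raw);
}

// For DISPLAY: strip the slashes (the original question), then HTML-escape so a
// quote or a tag typed by a visitor cannot alter the rendered page.
function for_display(string $posted): string {
    $clean = stripslashes($posted);
    return htmlspecialchars($clean, ENT_QUOTES, 'UTF-8');
}

// For the DATABASE: bind the value instead of splicing it into the SQL string.
// The driver treats it as data, so an apostrophe is just a character.
function find_user(PDO $db, string $username): array {
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The pattern from the reply, kept to show what string splicing produces.
// Returns the SQL that was actually run together with the rows.
function find_user_unsafe(PDO $db, string $username): array {
    $query = "SELECT id, username FROM users WHERE username='$username'";
    return ['sql' => $query, 'rows' => $db->query($query)->fetchAll(PDO::FETCH_ASSOC)];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO users (username) VALUES ('alice'), ('O''Brien')");

// Constructed inputs: a legitimate name containing an apostrophe, and the
// exact string quoted in the reply.
$inputs = ["O'Brien", "' and '1'='1"];

foreach ($inputs as $raw) {
    $posted = imitate_magic_quotes($raw);   // what $_POST held under magic quotes
    printf("raw:      %s\n", $raw);
    printf("posted:   %s\n", $posted);
    printf("display:  %s\n", for_display($posted));

    // Bound parameter: O'Brien matches his own row; the injection string
    // matches nothing because it is compared as a literal username.
    $rows = find_user($db, stripslashes($posted));
    printf("prepared: %d row(s)\n", count($rows));

    // Splicing with the slashes stripped: the apostrophe in O'Brien ends the
    // string early and the query errors out ("your queries will break"); the
    // second input is no longer a value but part of the WHERE clause.
    try {
        $r = find_user_unsafe($db, stripslashes($posted));
        printf("spliced:  %s  => %d row(s)\n", $r['sql'], count($r['rows']));
    } catch (PDOException $e) {
        printf("spliced:  query error: %s\n", $e->getMessage());
    }
    echo "\n";
}
```

Running it shows the point the reply makes: `stripslashes()` is right for the page, but the only thing that makes the query safe is that user text never reaches the SQL parser as SQL. With the second input spliced in, the executed statement reads `... WHERE username='' and '1'='1'`, a clause the visitor wrote, not the developer.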


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]