On 8 Oct 2008, at 21:38, Bryan wrote:
My web site consists of some hard-coded html but on the main, data is
stored in MySQL and through the use of PHP I generate pages of html.
Everything went well this year until around June/July time when I
started noticing quotes (') were escaped in the gener
Blah sorry, I saw your second example not your final code. Some
scripts I use have different database connections and because of that
it is very important to always make sure I am using the correct link
identifier.
The php best practice example checks the string to see if it is a
number. If it
On Fri, December 1, 2006 2:32 pm, Johannes Lindenbaum wrote:
> Here the "smart quoting" function off php.net
>
> |function quote_smart($value)
> {
>// Stripslashes
>if (get_magic_quotes_gpc()) {
>$value = stripslashes($value);
>}
>// Quote if not a number or a numeric strin
On 12/1/06, Johannes Lindenbaum <[EMAIL PROTECTED]> wrote:
Eric Butera schrieb:
>
> You almost have it. What you need to do is if magic quotes is on,
> then stripslashes and apply mysql_real_escape_string. If magic quotes
> is off only apply mysql_real_escape_string since php didn't escape
>
Eric Butera schrieb:
You almost have it. What you need to do is if magic quotes is on,
then stripslashes and apply mysql_real_escape_string. If magic quotes
is off only apply mysql_real_escape_string since php didn't escape
values for you.
Also in your mysql_real_escape_string I would sugge
On 12/1/06, Johannes Lindenbaum <[EMAIL PROTECTED]> wrote:
Hello,
without trying to embarrass myself, but
Here the "smart quoting" function off php.net
|function quote_smart($value)
{
// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
// Quote
Hello,
without trying to embarrass myself, but
Here the "smart quoting" function off php.net
|function quote_smart($value)
{
// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
// Quote if not a number or a numeric string
if (!is_numeric($value)) {
Johannes Lindenbaum wrote:
> Just a question out of pure curiosity. Why would one prefer
> using mysql_real_escape_string (I'm using 5.1.6 so
> mysql_escape_string is deprecated). and htmlentities instead
> of addslashes and stripslashes?
This example might be helpful:
http://shiflett.org/archive
Richard Lynch schrieb:
On Wed, November 29, 2006 11:55 pm, Johannes Lindenbaum wrote:
But... magic_quotes.
If my understanding is correct magic quotes will give ', " and \ (for
ASCII characters, e.g. \n) a preceding backslash to escape it. I also
see that magic_quotes_gpc() is On by default.
On Wed, November 29, 2006 11:55 pm, Johannes Lindenbaum wrote:
> But... magic_quotes.
> If my understanding is correct magic quotes will give ', " and \ (for
> ASCII characters, e.g. \n) a preceding backslash to escape it. I also
> see that magic_quotes_gpc() is On by default. So all data in $_POST
On 11/30/06, Johannes Lindenbaum <[EMAIL PROTECTED]> wrote:
And on retrieval stripslashes().
You shouldn't have to stripslashes your data coming from the DB.
Addslashes and friends exist to escape your data. It is not part of
your data. So when you INSERT "Jingle\'s Bells" when you retrieve i
On Thu, 2006-11-30 at 10:37 -0600, Johannes Lindenbaum wrote:
> Chris schrieb:
> > That part is correct.
> >
> > You shouldn't need to use addslashes - use mysql_real_escape_string or
> > mysql_escape_string depending on your (current) php version - they are
> > both "locale aware" and will escap
Chris schrieb:
That part is correct.
You shouldn't need to use addslashes - use mysql_real_escape_string or
mysql_escape_string depending on your (current) php version - they are
both "locale aware" and will escape things for you depending on mysql
server (re: language setup).
Then just use
Johannes Lindenbaum wrote:
Evening,
I am new to this list, so please if this email is "offensive" to anyone
I didn't know any better. Not here to start a war or similar.
I have a couple questions about magic_quotes and it's deletion in PHP 6.
I've been lazily following php.internals and read
14 matches
Mail list logo