RE: [PHP] Re: ' (Single Quotes) in user inputs

2004-10-19 Thread Gryffyn, Trevor
Also, you probably want to do a string replace of some kind and make the
single quote a double single-quote   ' to ''   

I don't know if that's how MySQL does it, but that's how SQL Server
escapes single quotes and I believe other DBs do as well.

Just something to look into because I think the \' might not work on DBs
that use ''.

-TG

> -----Original Message-----
> From: John Holmes [mailto:[EMAIL PROTECTED] 
> Sent: Monday, October 18, 2004 8:59 PM
> To: Jerry Swanson
> Cc: Christian Jul Jensen; [EMAIL PROTECTED]
> Subject: Re: [PHP] Re: ' (Single Quotes) in user inputs
> 
> 
> Jerry Swanson wrote:
> > I'm not sure that stripslashes() are used for input. 
> 
> If you want to redisplay the input, then it would be used.
> 
> > addslashes() - to insert data into database
> > stripslashes() - to get data from database and print it.
> 
> You don't need stripslashes when pulling data unless you have 
> magic_quotes_runtime enabled. If you find that you need to call 
> stripslashes on your data, then you're escaping it twice before you 
> insert it.
> 
> -- 
> 
> ---John Holmes...
> 
> Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
> 
> php|architect: The Magazine for PHP Professionals - www.phparch.com
> 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
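The two points made in the message above (backslash escaping versus doubled quotes, and escaping twice before the insert), as an added example that is not part of the original thread. It assumes PHP with the pdo_sqlite extension, using an in-memory SQLite database as a stand-in for a database that escapes quotes as ''; the table name `people` and the input value are constructed.

```php
<?php
// Added illustration (not from the thread). Assumes the pdo_sqlite extension;
// the table "people" and the sample value are constructed for this demo.
// SQLite, like SQL Server, escapes a single quote by doubling it ('').

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (how TEXT, name TEXT)');

$input = "O'Brien";   // constructed user input

// Try one hand-built INSERT and report whether the database accepted it.
function tryInsert(PDO $db, string $how, string $escaped): void {
    try {
        $db->exec("INSERT INTO people (how, name) VALUES ('$how', '$escaped')");
        echo "$how: accepted\n";
    } catch (PDOException $e) {
        echo "$how: rejected (" . $e->getMessage() . ")\n";
    }
}

// 1. Backslash escaping: \' is not an escape on a ''-style database, so the
//    literal ends at the quote and the statement no longer parses.
tryInsert($db, 'slashes', addslashes($input));

// 2. Doubling the quote is the form this database expects.
tryInsert($db, 'doubled', str_replace("'", "''", $input));

// 3. Escaping twice (slashes already added, e.g. by magic_quotes, then the
//    database's own quoting): a stray backslash is stored with the data,
//    which is why stripslashes() then appears to be needed on output.
tryInsert($db, 'twice', str_replace("'", "''", addslashes($input)));

// 4. Bound parameter: no escaping in application code, same on every driver.
$stmt = $db->prepare('INSERT INTO people (how, name) VALUES (?, ?)');
$stmt->execute(['bound', $input]);

foreach ($db->query('SELECT how, name FROM people') as $row) {
    echo str_pad($row['how'], 8) . ' stored as: ' . $row['name'] . "\n";
}
```

Only the doubled and bound rows come back as the original input; the row escaped twice carries a literal backslash, and the backslash-only attempt never reaches the table.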



Re: [PHP] Re: ' (Single Quotes) in user inputs

2004-10-18 Thread John Holmes
Jerry Swanson wrote:
> I'm not sure that stripslashes() are used for input.

If you want to redisplay the input, then it would be used.

> addslashes() - to insert data into database
> stripslashes() - to get data from database and print it.

You don't need stripslashes when pulling data unless you have
magic_quotes_runtime enabled. If you find that you need to call
stripslashes on your data, then you're escaping it twice before you
insert it.

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com


Re: [PHP] Re: ' (Single Quotes) in user inputs

2004-10-18 Thread Jerry Swanson
I'm not sure that stripslashes() are used for input. 

addslashes() - to insert data into database
stripslashes() - to get data from database and print it.




On 14 Oct 2004 11:19:14 +0200, Christian Jul Jensen <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] (Ben) writes:
> 
> > Any ideas on dealing with this would be greatly appreciated.
> 
> Disable magic_quotes, and handle all escaping of characters yourself,
> I would absolutely prefer that. But beware of sql-injection.
> 
> Leave magic_quotes on, and use stripslashes() on your input.
> 
> --
> Christian Jul Jensen
> 
