Hi,
My question is about the norlmal behaviour of PHP and MYSQL but I cant
explain it without a simple example. Thank you for reading:
I have the following code:
-
You have the string " ' \ "
With addslashes it becomes " '\ \\ "
When you insert it into the database
it goes into a query like this
"update table set field=' '\ \\ ' "
But that inserts into the field only " ' \ ",
in other words the original string.
It is a normal behaviour and you should
om
turn of magic quotes or test for it before using addslashes
Bastien
>From: "Petzo" <[EMAIL PROTECTED]>
>To: php-db@lists.php.net
>Subject: [PHP-DB] addslashes + stripslashes + mysql question
>Date: Mon, 16 May 2005 11:20:41 +0300
>
>Hi,
>
> My questi
turn of magic quotes or test for it before using addslashes
Bastien
From: "Petzo" <[EMAIL PROTECTED]>
To: php-db@lists.php.net
Subject: [PHP-DB] addslashes + stripslashes + mysql question
Date: Mon, 16 May 2005 11:20:41 +0300
Hi,
My question is about the norlmal behaviour of P
ECTED]>
To: "Petzo" <[EMAIL PROTECTED]>
Cc:
Sent: Monday, May 16, 2005 4:09 PM
Subject: Re: [PHP-DB] addslashes + stripslashes + mysql question
> You have the string " ' \ "
> With addslashes it becomes " '\ \\ "
>
> When you insert it
You have the string " ' \ "
With addslashes it becomes " '\ \\ "
When you insert it into the database
it goes into a query like this
"update table set field=' '\ \\ ' "
But that inserts into the field only " ' \ ",
in other words the original string.
It is a normal behaviour and you should
om
you might want to check to see if magic quotes GPC is turned on, if it is
then you are adding slashes twice. You can either turn it off or do not use
addslashes ;)
--
Joseph Crawford Jr.
Codebowl Solutions
[EMAIL PROTECTED]
Hi,
My question is about the norlmal behaviour of PHP and MYSQL but I cant
explain it without a simple example. Thank you for reading:
I have the following code:
-
> Use the more specific mysql_escape_string() (or friend) instead.
> You're not supposed to use stripslashes() on data coming from the database
Kk, thanks Jason =)
-Ed
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On Tuesday 28 September 2004 02:49, Ed Lazor wrote:
> I'm using PHP to retrieve user input and store it in MySQL. PHP's
> addslashes function is used on data going into the database
Use the more specific mysql_escape_string() (or friend) instead.
> and PHP's
> stripslashes function is being use
PHP / MySQL
I'm using PHP to retrieve user input and store it in MySQL. PHP's
addslashes function is used on data going into the database and PHP's
stripslashes function is being used on data coming from the database. This
is allowing me to store and retrieve data with no problems, but it's c
> I'm using php addslashes to store data into MySQL and php stripslashes
when
> pulling it back out, but I'm running into trouble when people enter HTML
> code. Do you have any recommendations?
> Here's an example of what I'm talking about:
> ">
> An error occurs if the entry has a value of:
I'm using php addslashes to store data into MySQL and php stripslashes when
pulling it back out, but I'm running into trouble when people enter HTML
code. Do you have any recommendations?
Here's an example of what I'm talking about:
">
An error occurs if the entry has a value of:
this i
hi all,
i'm really buffled by what i got and would appreciate any help possible! although i
addslashes and stripslashes, i still get a backslash ( \ ) character infront of a
single inverted comma ( ' ) and also whenever an amberscend ( & ) appears... please
help! thanx thanx..
for example:
in
l.com
- Original Message -
From: "Steve B." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, 13 June, 2003 19:22
Subject: [PHP-DB] addslashes, stripslashes, htmlspecialchars
Hi this is about PHP commands even though has mysql too.
I go to mysql board when I
Hi this is about PHP commands even though has mysql too.
I go to mysql board when I find one they said MySQL is not necessarily PHP driven and
if I want
PHP specific questions to go to a PHP list.
How do you deal with forms, db storage of the data and calling it up in a form to edit?
The online
-Original Message-
From: CPT John W. Holmes [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 20, 2003 11:06 AM
To: Poon, Kelvin (Infomart); [EMAIL PROTECTED]
Subject: Re: [PHP-DB] Addslashes (MSSQL)
> where my $content value is osmethign like this.
>
lmes [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 20, 2003 11:06 AM
To: Poon, Kelvin (Infomart); [EMAIL PROTECTED]
Subject: Re: [PHP-DB] Addslashes (MSSQL)
> where my $content value is osmethign like this.
>
> "Step 1: Access the homepage
> Step 2: type in your username under
> where my $content value is osmethign like this.
>
> "Step 1: Access the homepage
> Step 2: type in your username under the field 'username' "
>
> and after the addslashes funciton there would be \ around the 'username'
> like this..
> \'username\'and now after running this program I got an er
Hi,
I have a problem that lets you add a record to a database. THere is a
problem with it, and the following is the area of the program where it has
problem.
$created_date = date('m, d, Y');
$title = strip_tags($title);
$keywords = strip_tags($keywords);
$c
I have been wrestling with this off and on for the past couple days and
would really appreciate some help.
I have a "Guest Book" page that collects name, address, e-mail, etc. in a
form. I won't post the form code because it's just HTML and it works fine.
Besically, the page does one of two thing
Hi there,
I have some db records starting with a ' E.g: 'Aimburu
Now I am wondering how to retrieve this records. without a addslashes it
returns an error. So I did add a slash, but then it does not find this
record.
I tryed this query:
...like '\'Aimburu %' ...
Do I have to change this db e
> Paul
>
> while ($self != "asleep") {
> $sheep_count++;
> }
> ?>
I have nothing useful to add, except that I nearly spit up my morning coffee
laughing at your signature.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
on 3/5/02 5:35 AM, Andy at [EMAIL PROTECTED] appended the following bits
to my mbox:
> No I was reading in a mysql book, that chars like ' are bad for db
> PHP provides the function addslashes. Is this the way to check for bad
> entries a user provides? What happens
> if a hacker tryes to delete
Hi there,
I am wondering how to make my application more secure.
No I was reading in a mysql book, that chars like ' are bad for db
PHP provides the function addslashes. Is this the way to check for bad
entries a user provides? What happens
if a hacker tryes to delete my db entries with a input
t: Friday, February 08, 2002 10:34 AM
>To: Todd Williamsen; [EMAIL PROTECTED]
>Subject: RE: [PHP-DB] addslashes()
>
>
>At 10:22 -0600 2/8/02, Todd Williamsen wrote:
>>Paul,
>>
>>No kidding I see the problem, that is why I am asking how do I solve
>it.
>
>By writi
and the other doesn't?
-Original Message-
From: Paul DuBois [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 08, 2002 10:34 AM
To: Todd Williamsen; [EMAIL PROTECTED]
Subject: RE: [PHP-DB] addslashes()
At 10:22 -0600 2/8/02, Todd Williamsen wrote:
>Paul,
>
>No kidding I s
0:21 AM
>To: Todd Williamsen; [EMAIL PROTECTED]
>Subject: RE: [PHP-DB] addslashes()
>
>
>At 10:06 -0600 2/8/02, Todd Williamsen wrote:
>>Paul,
>>
>>Sorry for the confusion...
>>
>>Ok..
>>
>>I have an application where it organizes candidates f
[PHP-DB] addslashes()
At 10:06 -0600 2/8/02, Todd Williamsen wrote:
>Paul,
>
>Sorry for the confusion...
>
>Ok..
>
>I have an application where it organizes candidates for positions for
>HR. There is a Notes field where they can update actions with the
>potential candi
At 10:06 -0600 2/8/02, Todd Williamsen wrote:
>Paul,
>
>Sorry for the confusion...
>
>Ok..
>
>I have an application where it organizes candidates for positions for
>HR. There is a Notes field where they can update actions with the
>potential candidate. Now this can be when this person has been
>
to "TEXT" and both queries are the same structure.
I cannot figure it out
If you want the URL to look at it, I will send it to you.
Thanks!
-Original Message-
From: Paul DuBois [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 08, 2002 10:00 AM
To: Todd Williamsen; [EMAIL PRO
nting it? Storing it into the
database? Storing it into the database so that you can print it as
a Web page later?
>
>-Original Message-
>From: Paul DuBois [mailto:[EMAIL PROTECTED]]
>Sent: Friday, February 08, 2002 9:40 AM
>To: Todd Williamsen; [EMAIL PROTECTED]
>Subj
Paul..
Going into the database
Coming out of the database
Please read the whole post.. 8)
-Original Message-
From: Paul DuBois [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 08, 2002 9:40 AM
To: Todd Williamsen; [EMAIL PROTECTED]
Subject: Re: [PHP-DB] addslashes()
At 9:14 -0600
oofy1...
> > > Paul,
> > >
> > > It is being inserted into a database
> > >
> > > -Original Message-
> > > From: Paul DuBois [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, February 07, 2002 5:41 PM
> > > To: Todd Willi
t; > It is being inserted into a database
>> >
>> > -Original Message-----
>> > From: Paul DuBois [mailto:[EMAIL PROTECTED]]
>> > Sent: Thursday, February 07, 2002 5:41 PM
>> > To: Todd Williamsen; [EMAIL PROTECTED]
>> > Subject: Re:
; > -Original Message-
> > From: Paul DuBois [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, February 07, 2002 5:41 PM
> > To: Todd Williamsen; [EMAIL PROTECTED]
> > Subject: Re: [PHP-DB] addslashes()
> >
> >
> > At 16:54 -0600 2/7/02, Todd William
t;
> -Original Message-
> From: Paul DuBois [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 07, 2002 5:41 PM
> To: Todd Williamsen; [EMAIL PROTECTED]
> Subject: Re: [PHP-DB] addslashes()
>
>
> At 16:54 -0600 2/7/02, Todd Williamsen wrote:
> >Ok..
> >
&g
Paul,
It is being inserted into a database
-Original Message-
From: Paul DuBois [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 07, 2002 5:41 PM
To: Todd Williamsen; [EMAIL PROTECTED]
Subject: Re: [PHP-DB] addslashes()
At 16:54 -0600 2/7/02, Todd Williamsen wrote:
>Ok..
>
&g
At 16:54 -0600 2/7/02, Todd Williamsen wrote:
>Ok..
>
>i tried it out... and it almost works like I want it... weird though
>
>1. when I put in this is BLUE
>
>it prints it in like a bright green. but if i use the RGB # then its fine.
>weird
>
>2. if there is an apostrophe in the notes, then
otes);
- Original Message -
From: "Todd Williamsen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 07, 2002 11:54 PM
Subject: Re: [PHP-DB] addslashes()
> Ok..
>
> i tried it out... and it almost works like I want it... weird though
02001c1b027$ec33b7b0$e4d22fc2@acealex...
> Try
> $Notes = addslashes($Notes);
>
> You where almost right :)
>
> /Alexander
>
> - Original Message -
> From: "Todd Williamsen" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday
Try
$Notes = addslashes($Notes);
You where almost right :)
/Alexander
- Original Message -
From: "Todd Williamsen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 07, 2002 11:32 PM
Subject: [PHP-DB] addslashes()
> I have a "Notes&qu
I have a "Notes" field where users can add notes. Now, there will be times
when they use quotes "" or maybe even HTML, what is the correct way of using
this function?
I have tried:
addslashes($Notes);
and
$Notes addslashes($Notes);
neither work..
I thought I would ask this great newsgroup!
43 matches
Mail list logo
