
question about magic quotes

 
  #1  
July 17th, 2005, 09:21 AM
Marcus

Hi all,

I've been reading up on magic quotes but I'm still confused, seems like
all the info I can find is just regurgitating the little blurb in the
php manual. My question is this: if I turn both magic_quotes_gpc and
magic_quotes_runtime ON in php.ini, does that mean I do not need to also
use addslashes() and stripslashes() on all my GPC and MySQL data? i.e.
does magic_quotes in effect take care of addslashes() and stripslashes()
automatically? Thanks in advance.

Marcus


  #2  
July 17th, 2005, 09:21 AM
Marcus

Marcus wrote:
> Hi all,
>
> I've been reading up on magic quotes but I'm still confused, seems like
> all the info I can find is just regurgitating the little blurb in the
> php manual. My question is this: if I turn both magic_quotes_gpc and
> magic_quotes_runtime ON in php.ini, does that mean I do not need to also
> use addslashes() and stripslashes() on all my GPC and MySQL data? i.e.
> does magic_quotes in effect take care of addslashes() and stripslashes()
> automatically? Thanks in advance.
>
> Marcus

Sorry for another post, but just to clarify on my previous post, is
there a proper configuration with any/all of the magic_quotes values so
that I can "safely" accept data and interact with my DB without using
addslashes/deleteslashes everywhere?

Also, when I look in my MySQL tables through the command prompt, if
records with single quotes do not show up as escaped by /, am I doing
something wrong? Thanks again.

Marcus

  #3  
July 17th, 2005, 09:24 AM
Michael Fesser

.oO(Marcus)
>Sorry for another post, but just to clarify on my previous post, is
>there a proper configuration with any/all of the magic_quotes values so
>that I can "safely" accept data and interact with my DB without using
>addslashes/deleteslashes everywhere?

I don't care about magic quotes anymore, I do the escaping on my own.
When "importing" user-submitted data I run it through something like
this to have the data in raw format:

// Return the value as submitted: undo the slashes magic_quotes_gpc added, if it is on.
function filter($data) {
    return get_magic_quotes_gpc() ? stripslashes($data) : $data;
}

Then, when necessary, I use mysql_escape_string(), htmlspecialchars()
etc. to escape/convert the data, dependent on what I wanna do with it.
IMHO it's more reliable to have control over the data handling instead
of relying on some "background magic", which might lead to unexpected
results.
>Also, when I look in my MySQL tables through the command prompt, if
>records with single quotes do not show up as escaped by /, am I doing
>something wrong?

No, the escape chars are not stored in the database.

Micha
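
The approach described in the reply above (get the raw value first, then escape for the context where it is used), as an added example that is not part of the thread. Magic quotes were removed in PHP 5.4 and mysql_escape_string() in PHP 7.0, so this sketch simulates the slashed input with addslashes() and swaps in a PDO bound parameter for the SQL step; to_raw(), the people table and the sample values are constructed for illustration, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example, not code from the thread. Magic quotes no longer exist in
// current PHP, so their effect on request data is simulated with addslashes().

// Recursive form of the filter() idea: undo magic-quotes escaping, including
// nested arrays such as form fields named tags[].
function to_raw($data, bool $magicQuotesOn) {
    if (!$magicQuotesOn) {
        return $data;
    }
    return is_array($data)
        ? array_map(fn($v) => to_raw($v, true), $data)
        : stripslashes($data);
}

// Constructed input: what $_POST would hold with magic_quotes_gpc = On.
$post = [
    'name' => addslashes("O'Reilly"),
    'tags' => [addslashes('say "hi"'), addslashes('C:\\temp')],
];

// Normalize once, at the point where request data enters the application.
$raw = to_raw($post, true);

// SQL context: the value is passed as a bound parameter, so no manual
// escaping is applied and no escape characters end up in the table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (name TEXT)');
$insert = $db->prepare('INSERT INTO people (name) VALUES (?)');
$insert->execute([$raw['name']]);   // normalized value
$insert->execute([$post['name']]);  // still slashed: the double-escaping case

// HTML context: convert on output, not on input. The second row keeps a
// literal backslash because the magic-quotes slash was stored as data.
foreach ($db->query('SELECT name FROM people') as $row) {
    echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

The second insert shows why mixing magic quotes with a separate escaping step corrupts stored data: the added backslash becomes part of the record.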
 
