473,563 Members | 2,904 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

i can not get addslashes/stripslashes to have the same effect on different servers

This seems so simple, I can't believe its tripping me up. I've a
database class with a query method that looks like this:
function query($query=fa lse) {
global $controller;
// $query = stripslashes($q uery);
// $query = addslashes($que ry);
$result = mysql_query($qu ery);

if (!$result) {
$dbErrorMessage = mysql_error();
$controller->error("In query(), in the class Database, our last
query to the database failed. The query was '$query'. The database
server returned this message: '$dbErrorMessag e' ");
}

return $result;
}
I'm working at two different companies right now, and so I'm dealing
with 2 different servers, but I've been using this same class in all my
code. One one server I have to uncomment the line with stripslashes. On
the other server I need to leave it commented. Surely there is a way to
make this code work on all servers?

Jan 12 '07 #1
5 1918
Rik
lawrence k wrote:
This seems so simple, I can't believe its tripping me up. I've a
database class with a query method that looks like this:
function query($query=fa lse) {
global $controller;
// $query = stripslashes($q uery);
// $query = addslashes($que ry);
$result = mysql_query($qu ery);

if (!$result) {
$dbErrorMessage = mysql_error();
$controller->error("In query(), in the class Database, our last
query to the database failed. The query was '$query'. The database
server returned this message: '$dbErrorMessag e' ");
}

return $result;
}
I'm working at two different companies right now, and so I'm dealing
with 2 different servers, but I've been using this same class in all
my code. One one server I have to uncomment the line with
stripslashes. On the other server I need to leave it commented.
Surely there is a way to make this code work on all servers?
Hard to say without knowing how the query actually get's build.
Are you sure it's not a byproduct of those pesky magic_quotes?
--
Rik Wasmus
Jan 12 '07 #2
lawrence k wrote:
I'm working at two different companies right now, and so I'm dealing
with 2 different servers, but I've been using this same class in all my
code. One one server I have to uncomment the line with stripslashes. On
the other server I need to leave it commented. Surely there is a way to
make this code work on all servers?
Hi Lawrence,

Just a guess: check your magic_quotes_gp c setting in php.ini. If it's
set to on turn it off and just use stripslashes and addslashes.

Ruben.
Jan 12 '07 #3
Ruben van Engelenburg wrote:
lawrence k wrote:
>I'm working at two different companies right now, and so I'm dealing
with 2 different servers, but I've been using this same class in all my
code. One one server I have to uncomment the line with stripslashes. On
the other server I need to leave it commented. Surely there is a way to
make this code work on all servers?

Hi Lawrence,

Just a guess: check your magic_quotes_gp c setting in php.ini. If it's
set to on turn it off and just use stripslashes and addslashes.

Ruben.
Yes, check your magic_quotes_gp c. But don't use addslashes on data to
be used in a MySQL query. Use mysql_real_esca pe_string() instead.
That's what it's for - and it is charset sensitive. addslashes() is not.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attgl obal.net
=============== ===
Jan 12 '07 #4

Ruben van Engelenburg wrote:
lawrence k wrote:
I'm working at two different companies right now, and so I'm dealing
with 2 different servers, but I've been using this same class in all my
code. One one server I have to uncomment the line with stripslashes. On
the other server I need to leave it commented. Surely there is a way to
make this code work on all servers?

Hi Lawrence,

Just a guess: check your magic_quotes_gp c setting in php.ini. If it's
set to on turn it off and just use stripslashes and addslashes.

I'm sure it is a product of magic_quotes_gp c, but isn't there a way to
get PHP to work intelligently regardless of settings in the php.ini? I
can't casually change the php.ini on either server since there is 30
client sites on one machine and over 100 on the other machine. For all
I know they've code on their sites that depend on whatever the current
setting is for magic_quotes_gp c. I'd potentially be breaking live sites
if I changed the php.ini file. That's just not an option. But isn't
there a way to work around magic_quotes_gp c? I thought magic_quotes_gp c
was suppose to work transparently?

Jan 20 '07 #5
lawrence k wrote:
Ruben van Engelenburg wrote:
>lawrence k wrote:
>>I'm working at two different companies right now, and so I'm dealing
with 2 different servers, but I've been using this same class in all my
code. One one server I have to uncomment the line with stripslashes. On
the other server I need to leave it commented. Surely there is a way to
make this code work on all servers?
Hi Lawrence,

Just a guess: check your magic_quotes_gp c setting in php.ini. If it's
set to on turn it off and just use stripslashes and addslashes.


I'm sure it is a product of magic_quotes_gp c, but isn't there a way to
get PHP to work intelligently regardless of settings in the php.ini? I
can't casually change the php.ini on either server since there is 30
client sites on one machine and over 100 on the other machine. For all
I know they've code on their sites that depend on whatever the current
setting is for magic_quotes_gp c. I'd potentially be breaking live sites
if I changed the php.ini file. That's just not an option. But isn't
there a way to work around magic_quotes_gp c? I thought magic_quotes_gp c
was suppose to work transparently?
if (get_magic_quot es_gpc()) {
doSomething();
} else {
doSomethingelse ();
}
OR

If your server is apache you could add the following to your .htaccess file:

php_flag magic_quotes_gp c off
Jan 24 '07 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
1
1862
Must I still use addslashes with PEAR DB?
by: Joe Randstein | last post by:
Hi! I now use the DB classes from PEAR with mysql. Do I still have to use addslashes? I ask, because I get some very strange results, I get slashes in front of every " and they get saved in my database :-( Now my hoster has turned magic_quotes_gpc on anyway. As a workaround: On a PHP-environment where magic_quotes_gpc is turned on, can I...
PHP
1
3123
addslashes vs. mysql_real_escape_string
by: leegold2 | last post by:
When I look directly in my db field I see a difference between these two functions. The top line (seebelow) was inserted with addslashes vs. the bottom line where I used mysql_real_escape_string. Obviously addslashes really escapes the apostrophe. But I thought mysql_real_escape_string is supposed to do that too - can anyone explain? Thanks,...
PHP
4
18967
[FAQ] addslashes() and striplashes()
by: Jan Pieter Kunst | last post by:
Q. How do I use addslashes() and stripslashes() when dealing with HTML forms and database INSERTs, UPDATEs and SELECTs? A. It depends on the setting of the php.ini directive "magic_quotes_gpc". By default, magic_quotes_gpc is On. If magic_quotes_gpc is On: Use stripslashes() for data which originates from an HTML form and is shown in an...
PHP
2
7620
mysql_real_escape_string() vs addslashes()
by: Marcus | last post by:
Hello, My php.ini file currently has magic quotes set to On, but I have read that it is better to code with it off. Currently with magic quotes on, I only use stripslashes() to properly format strings that are displayed on the screen. I know that now with magic quotes off, I will have to manually handle escaping special characters with...
PHP
2
3361
strip- vs addslashes
by: Cruella DeVille | last post by:
I must have som errors in my understanding of strip- vs addslashes. I thought that if a user submitted eg a username, like this username=siv' drop database test; I should addslashes to escape ' and " and therefore prohibit the evil user to drop/change my database through sql injection (my example may not be correct, but I believe it points...
PHP
4
2875
Addslashes / Stripslashes
by: Areric | last post by:
hey all, I recently got in a bit of a fight with my webhost because he made some changes to my server. Specifically they updated php without telling me. They are now running PHP 4.4.1 (not sure what it was before). Anyway i mention that cause i had a script that uploaded the content of an image to a DB, then displayed it straight from the...
PHP
15
4130
Problem with addslashes
by: =?ISO-8859-1?Q?J=F8rn?= Dahl-Stamnes | last post by:
Hello folks, I need some help/advice FAST. I have problems with addslashes on my web-servers. After uploading a file, I read the uploaded file, use addslashes on the read data and then insert it into a blob field in a MySQL database. The problem is that this works fine on my internal test web-server (running under RedHat 7.3). But on...
PHP
5
6623
Addslashes() doesn't work on $_POST
by: Gilles Ganault | last post by:
Hello As the user may type strings that contain verboten characters like apostrophes, I need to go through the $_POST array, and use addslashes() on each and every item But it doesn't make any difference: ========== <?php
PHP
13
3457
addslashes/mysql_real_escape_string
by: ndlarsen | last post by:
Hello. It's been a while since I used php. Since then magic quotes has been deprecated and will be removed when php 6.0 hits. My question is, what should I be using when submitting data to a database instead? Which is better for security reasons, addslashes() or mygql_real_escape_string()? Thanks you. Regards
PHP
0
7665
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
General
0
7888
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
C / C++
0
8106
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
Online Marketing
1
7642
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
Windows Server
1
5484
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
Microsoft Access / VBA
0
5213
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
C# / C Sharp
0
3626
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
2082
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
1
1200
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us