
addslashes vs. mysql_real_escape_string


When I look directly in my db field I see a difference between these two
functions. The top line (see below) was inserted with addslashes vs. the
bottom line where I used mysql_real_escape_string. Obviously addslashes
really escapes the apostrophe. But I thought mysql_real_escape_string is
supposed to do that too - can anyone explain? Thanks, Lee G.

This is Aviva\'s website.
This is Sarah's website.
Jul 17 '05 #1
leegold2 wrote:
When I look directly in my db field I see a difference between these two
functions. The top line (see below) was inserted with addslashes vs. the
bottom line where I used mysql_real_escape_string. Obviously addslashes
really escapes the apostrophe. But I thought mysql_real_escape_string is
supposed to do that too - can anyone explain? Thanks, Lee G.

This is Aviva\'s website.
This is Sarah's website.


What were:
* the original strings before escaping
* the strings after escaping, as they appeared in the SQL you sent to
the server?

I don't see any difference on a test string with an apostrophe on these
functions in 4.3.8 or 5.0.2:
<?php
// Compare the three escaping functions on a string containing an apostrophe.
$originalstring = "Apostrophe's rock";
echo $originalstring, "\n";
echo addslashes( $originalstring ), "\n";
echo mysql_escape_string( $originalstring ), "\n";
echo mysql_real_escape_string( $originalstring ), "\n";
?>

output:
Apostrophe's rock
Apostrophe\'s rock
Apostrophe\'s rock
Apostrophe\'s rock

Can you confirm that the pre-escaping string for "This is Aviva\'s
website." did not contain a backslash, and that the same query was used
to insert both samples? Did the data come from a literal string, a file,
or from a web form? If you're using the magic_quotes_gpc option
(unfortunately the default is on, I believe), you need to run
stripslashes() on any text that comes from GET/POST/COOKIE variables
before further processing.

-- brion vibber (brion @ pobox.com)
Jul 17 '05 #2
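
The magic_quotes_gpc scenario raised in the reply above, as an added example that is not part of the original posts: it shows how a value that arrives already escaped and is then escaped again ends up stored with a literal backslash, and how stripslashes() first prevents that. The functions `simulate_magic_quotes`, `mysql_stored_value` and `store` are hypothetical helpers written for this illustration, the sample string is constructed, and addslashes() stands in for mysql_real_escape_string() so the script runs without a database.

```php
<?php
// Added example: magic_quotes_gpc and MySQL's literal parsing are simulated
// with plain string functions, so this runs on current PHP with no database.

// What magic_quotes_gpc=On did to every GET/POST/COOKIE value on arrival.
function simulate_magic_quotes(string $raw): string
{
    return addslashes($raw);
}

// Hypothetical helper: the value MySQL keeps after parsing a quoted string
// literal. Only the \\, \' and \" escape sequences are modelled.
function mysql_stored_value(string $sqlLiteral): string
{
    return strtr($sqlLiteral, ["\\\\" => "\\", "\\'" => "'", '\\"' => '"']);
}

// Escape a request value for a query and return what the column would hold.
function store(string $requestValue, bool $stripFirst): string
{
    // The reply's advice: undo magic quotes before any further processing.
    $value = $stripFirst ? stripslashes($requestValue) : $requestValue;

    // Stand-in for mysql_real_escape_string(); the test output in the reply
    // shows both functions produce \' for an apostrophe.
    $sqlLiteral = addslashes($value);

    return mysql_stored_value($sqlLiteral);
}

$raw        = "This is Aviva's website.";     // constructed sample input
$asReceived = simulate_magic_quotes($raw);    // what the script sees in $_POST

// Escaped twice: MySQL removes one level, one backslash survives in the row.
echo "without stripslashes: ", store($asReceived, false), "\n";

// Magic quotes undone first: escaped once, stored exactly as typed.
echo "with stripslashes:    ", store($asReceived, true), "\n";
```

Bound parameters (mysqli or PDO prepared statements) remove the manual escaping step, and with it the double-escaping failure shown here.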
