
Ambiguous phrases in PHP Manual

The PHP manual defines
"magic_quotes_runtime

If enabled, most functions that return data from an external
source, including databases and text files, will have quotes
escaped with a backslash "...

This term 'external source' isn't defined anywhere in the
manual! Is the data in our $_GET and $_POST variables
considered an external source? The term 'most functions'
without further explanation is most ambiguous.

If magic_quotes_gpc is set to off in the php.ini file, can
we control whether the $_GET and $_POST data is
automagically slashed using set_magic_quotes_runtime()?
or is magic_quotes_runtime only used for the data coming
out of our database or files and a few special uses?

Thanks for your help in sorting this confusion.

Ken

Jul 17 '05 #1
"Ken in Melbourne Australia" <ke*@mira.net> wrote in message
news:42***********************@per-qv1-newsreader-01.iinet.net.au...
> The PHP manual defines
> "magic_quotes_runtime
>
> If enabled, most functions that return data from an external
> source, including databases and text files, will have quotes
> escaped with a backslash "...
>
> This term 'external source' isn't defined anywhere in the
> manual! Is the data in our $_GET and $_POST variables
> considered an external source? The term 'most functions'
> without further explanation is most ambiguous.
>
> If magic_quotes_gpc is set to off in the php.ini file, can
> we control whether the $_GET and $_POST data is
> automagically slashed using set_magic_quotes_runtime()?
> or is magic_quotes_runtime only used for the data coming
> out of our database or files and a few special uses?
>
> Thanks for your help in sorting this confusion.
>
> Ken


If magic_quotes is turned on (the last time I actually used it) I'm pretty
sure a form that a GET/POST request will be escaped to ease insertion into a
database for example. Coming out of a database such as mySQL, I don't think
I've ever seen them escaped.

IMO, it's bad practice to use/depend on magic_quotes being on.

HTH
-Joe
Jul 17 '05 #2
"Ken in Melbourne Australia" <ke*@mira.net> wrote:
> The PHP manual defines
> "magic_quotes_runtime
>
> If enabled, most functions that return data from an external
> source, including databases and text files, will have quotes
> escaped with a backslash "...
>
> This term 'external source' isn't defined anywhere in the
> manual! Is the data in our $_GET and $_POST variables
> considered an external source? The term 'most functions'
> without further explanation is most ambiguous.

Well, $_GET and $_POST are not functions. They are array variables.

> If magic_quotes_gpc is set to off in the php.ini file, can
> we control whether the $_GET and $_POST data is
> automagically slashed using set_magic_quotes_runtime()?
> or is magic_quotes_runtime only used for the data coming
> out of our database or files and a few special uses?

You could test this question in much less time than it takes to ask a
question on usenet and wait for a response. :)

Because magic_quotes_runtime corrupts data with slashes coming from
various _unspecified_ functions, you should probably never, ever use
magic_quotes_runtime without doing a lot of careful testing.

For the array values, which are already present at the start of the
script, you must check whether magic_quotes_gpc is on and use
stripslashes() as appropriate to get the uncorrupted values of the
submitted data.

Always perform the appropriate escaping (e.g. with
mysql_real_escape_string()) before putting data into an SQL statement.

Joe Webster wrote:
> If magic_quotes is turned on (the last time I actually used it) I'm pretty
> sure a form that a GET/POST request will be escaped to ease insertion into a
> database for example.

That's magic_quotes_gpc, which is ON by default...

> Coming out of a database such as mySQL, I don't think
> I've ever seen them escaped.

...that's magic_quotes_runtime, which is OFF by default. These are
separate options.

> IMO, it's bad practice to use/depend on magic_quotes being on.

<nod>

-- brion vibber (brion @ pobox.com)
Jul 17 '05 #3
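
An added example, not part of any post in this thread, of the advice in the post above: undo magic_quotes_gpc once at the start of the script, then escape at the SQL boundary. The names `undo_magic_quotes()`, `magic_quotes_gpc_is_on()` and `store_and_read()` are hypothetical, the input is constructed with `addslashes()` to emulate what magic_quotes_gpc does, and a PDO bound parameter on an in-memory SQLite database (assumes the pdo_sqlite extension) stands in for `mysql_real_escape_string()` so the block runs without a MySQL server.

```php
<?php
// Recursively remove the slashes that magic_quotes_gpc added to request
// values (nested arrays such as name[]=... are handled too).
function undo_magic_quotes($value)
{
    if (is_array($value)) {
        return array_map('undo_magic_quotes', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

// get_magic_quotes_gpc() no longer exists in PHP 8, so guard the call.
function magic_quotes_gpc_is_on()
{
    return function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
}

// Insert a value through a bound parameter and read back what was stored.
function store_and_read(PDO $db, $name)
{
    $stmt = $db->prepare('INSERT INTO people (name) VALUES (?)');
    $stmt->execute(array($name));
    $id  = (int) $db->lastInsertId();
    $row = $db->query('SELECT name FROM people WHERE id = ' . $id)->fetch();
    return $row['name'];
}

// Real scripts: normalise the request arrays once, before any other code runs.
if (magic_quotes_gpc_is_on()) {
    $_GET    = undo_magic_quotes($_GET);
    $_POST   = undo_magic_quotes($_POST);
    $_COOKIE = undo_magic_quotes($_COOKIE);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed input: what $_POST would hold with magic_quotes_gpc on.
$post = array('name' => addslashes("O'Brien"), 'tags' => array(addslashes('a"b')));

// Not normalised: the added backslash is stored as part of the data.
echo 'raw:   ', store_and_read($db, $post['name']), "\n";

// Normalised first: the stored value matches what the user typed.
$clean = undo_magic_quotes($post);
echo 'clean: ', store_and_read($db, $clean['name']), "\n";
echo 'tag:   ', $clean['tags'][0], "\n";
```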
"Brion Vibber" <br***@pobox.com> wrote in message
news:39*************@individual.net...
> "Ken in Melbourne Australia" <ke*@mira.net> wrote:
> > The PHP manual defines
> > "magic_quotes_runtime
> >
> > If enabled, most functions that return data from an external
> > source, including databases and text files, will have quotes
> > escaped with a backslash "...
> >
> > This term 'external source' isn't defined anywhere in the
> > manual! Is the data in our $_GET and $_POST variables
> > considered an external source? The term 'most functions'
> > without further explanation is most ambiguous.
>
> Well, $_GET and $_POST are not functions. They are array variables.
>
> > If magic_quotes_gpc is set to off in the php.ini file, can
> > we control whether the $_GET and $_POST data is
> > automagically slashed using set_magic_quotes_runtime()?
> > or is magic_quotes_runtime only used for the data coming
> > out of our database or files and a few special uses?
>
> You could test this question in much less time than it takes to ask a
> question on usenet and wait for a response. :)
>
> Because magic_quotes_runtime corrupts data with slashes coming from
> various _unspecified_ functions, you should probably never, ever use
> magic_quotes_runtime without doing a lot of careful testing.
>
> For the array values, which are already present at the start of the
> script, you must check whether magic_quotes_gpc is on and use
> stripslashes() as appropriate to get the uncorrupted values of the
> submitted data.
>
> Always perform the appropriate escaping (e.g. with
> mysql_real_escape_string()) before putting data into an SQL statement.
>
> Joe Webster wrote:
> > If magic_quotes is turned on (the last time I actually used it) I'm
> > pretty sure a form that a GET/POST request will be escaped to ease
> > insertion into a database for example.
>
> That's magic_quotes_gpc, which is ON by default...
>
> > Coming out of a database such as mySQL, I don't think
> > I've ever seen them escaped.
>
> ...that's magic_quotes_runtime, which is OFF by default. These are
> separate options.
>
> > IMO, it's bad practice to use/depend on magic_quotes being on.
>
> <nod>
>
> -- brion vibber (brion @ pobox.com)

You know, it's usually at the end of my day when I'm tired when I start
getting to the news group -- maybe I should keep my fingers shut :) Anyway,
Brion is right... two different options.

http://us4.php.net/magic_quotes

I feel sorry for whoever came up with magic_quotes*, realizing that we all
hate him for the confusion :)

-Joe
Jul 17 '05 #4
