Re: [FAQ] addslashes() and striplashes()
From: R. Rajesh Jeba Anbiah (ng4rrjanbiah_at_rediffmail.com)
Date: 03/16/05
Date: 16 Mar 2005 10:41:42 -0800
Q: How do I use addslashes() and stripslashes() when dealing with HTML
forms and database INSERTs, UPDATEs and SELECTs?
Q: How do I handle single quotes in user input, I am getting errors
trying to INSERT and UPDATE.
Q: Why do I have backslashes in my form data?
Q: What do I need to do to "sanitize" user input so it is
database-safe?
A. It depends on the setting of the php.ini directive
"magic_quotes_gpc". By default, magic_quotes_gpc is On.
If magic_quotes_gpc is On:
Use stripslashes() for data which originates from an HTML form and is
shown in an HTML page after a roundtrip to the server.
Do not use addslashes().
If magic_quotes_gpc is Off:
Use addslashes() when INSERTing or UPDATEing data into the database.
Do not use stripslashes().
You can check the magic_quotes_gpc setting with the
get_magic_quotes_gpc() function.
Contrary to popular belief, it should never be necessary to use
stripslashes() on data which originates from a database SELECT. The
slashes which are added manually with addslashes(), or automagically
when magic_quotes_gpc is On, are only used to properly escape the data
before an INSERT or UPDATE and are themselves not stored in the
database.
Refer:
http://www.php.net/addslashes
http://www.php.net/stripslashes
http://www.php.net/get_magic_quotes_gpc
+++++
@revision 1 Initial
@revision 2 Merged Kenneth Downs comments. Shortened document URLs
@author Jan Pieter Kunst, Kenneth Downs
@todo grammar checking by native English speaker. Maybe the 'Q' should
be something like "Why do I have backslashes in my form data"? Not
sure.
@todo Bring this question to main FAQ Thread. (missed this one in Rev 5)
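
The round trip the FAQ describes, as an added example that is not part of the original post: one constructed value is followed through both magic_quotes_gpc settings, then through the double-escaping mistake that leaves backslashes in stored data. The helper names are hypothetical, and stored_by_database() only simulates a database that treats backslash as an escape character (as MySQL does by default); no real query is run.

```php
<?php
// Added example; helper names are hypothetical, input is constructed.

// magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() in 8.0,
// so guard the call. Where the function is missing, input arrives unescaped.
function magic_quotes_on()
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Value for display: undo magic-quotes escaping if it was applied,
// then encode for HTML output.
function for_display($value, $magicQuotes)
{
    $raw = $magicQuotes ? stripslashes($value) : $value;
    return htmlspecialchars($raw, ENT_QUOTES);
}

// Value for an SQL string literal: escaped exactly once.
function for_sql($value, $magicQuotes)
{
    return $magicQuotes ? $value : addslashes($value);
}

// Stand-in for the database's SQL parser, which consumes one level of
// backslash escaping before storing the value (simulation, not a real query).
function stored_by_database($escaped)
{
    return stripslashes($escaped);
}

$typed = "O'Reilly";                 // what the user typed (constructed)

foreach (array(true, false) as $mq) {
    // What PHP hands the script under each setting.
    $received = $mq ? addslashes($typed) : $typed;
    printf("magic_quotes_gpc=%s received=%s sql=%s stored=%s html=%s\n",
        $mq ? 'On ' : 'Off', $received, for_sql($received, $mq),
        stored_by_database(for_sql($received, $mq)), for_display($received, $mq));
}

// Failure mode: addslashes() on input that magic quotes already escaped.
$double = addslashes(addslashes($typed));
printf("double-escaped sql=%s stored=%s\n", $double, stored_by_database($double));

printf("this runtime: magic quotes %s\n", magic_quotes_on() ? 'On' : 'Off');
```

In both correct cases the stored value equals what the user typed, which is why stripslashes() is not needed after a SELECT; only the double-escaped case stores a backslash. The PHP manual recommends prepared statements or the database's own escaping function over addslashes() when building queries.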