Re: adding "addslahses" to already live project - best approach?

From: Brent Palmer (bapalmer_at_bigpond.net.au)
Date: 03/21/05 

Date: Mon, 21 Mar 2005 07:34:55 GMT

"Dave Smithz" <SPAM FREE WORLD> wrote in message
news:423e2152$1@news1.homechoice.co.uk...
> Having adopted someone else's PHP cope and completing a crash course in
> the
> language I came across a (probably common) problem with the current code.
>
> On a registration form, whenever users names have an apostrophe in them it
> causes problems as they do not get added to the DB correctly for reasons
> that immediately become apparent.
>
> Before implementing my own workaround I noticed the functions.
>
> addslashes, stripslashes and directive magic_quotes_gpc. These seem like
> great ideas and I will now use them.
>
> What is the best way of introducing this practise across all of the code
> for
> this project. It is something I want to progressively, therefore as I make
> changes when necessary, I will also add these changes, I do not want to
> have to go through the entire code now changing everything.
>
> Can I just do something like the following
>
> On each new script I create do the following.
>
> Check if the magic quotes directive is enabled, and if so do nothing, but
> if
> not, manually run the addslashes function and wherever data is retrieved
> from the database go in and add a stripslashes.
>
> Actually I could just make the changes in the code that writes to and
> retrieves info from the database rather then on each script that collects
> form input. This would therefore lessen the need to make multiple changes
> to
> the code.
>
> Is that all I will need to do. Is there any implications that I am not
> aware
> of by implementing this in a particular way?
>
> Forgive the slight vagueness in this question, I am still surprised to
> find
> this was not done in the start.
>
> Kind regards
>
> Dave

I agree with Brian but I use the function htmlspecialchars();
This changes the special chars like quotes ' and " and so on... to HTML
entities .
Eg.
 '&' (ampersand) becomes '&amp;'
 '"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set.
 ''' (single quote) becomes '&#039;' only when ENT_QUOTES is set.
http://au2.php.net/htmlspecialchars

Brent Palmer.

Relevant Pages

  • adding "addslahses" to already live project - best approach?
    ... addslashes, stripslashes and directive magic_quotes_gpc. ... On each new script I create do the following. ... from the database go in and add a stripslashes. ... retrieves info from the database rather then on each script that collects ...
    (comp.lang.php)
  • DBI quote() seems to replace double quotes with two single quotes
    ... I'm running a script where I'm inserting some values into a MySQL ... the database and the problem it's causing me is that it seems to ... replace double quotes with two single quotes. ...
    (perl.beginners)
  • Re: Jt400: metadata of a table is not working with JDBC ;; DatabaseMetadata jMetadata
    ... You ahve to enclose ttable name in double quotes ... return information about database and table components, ... Some non-GUI tools will automatically parse a statement to delimit ... SQL identifiers as case insensitive and store ...
    (comp.sys.ibm.as400.misc)
  • Applescript and Autoformat (search and replace), Word 2004
    ... script that will take care of a recurring editing issue with nested ... quotes to double quotes, ... set oldauto2 to auto format as you type replace quotes ... set auto format as you type replace quotes to false ...
    (microsoft.public.mac.office.word)
  • Re: Relationships question
    ... on quotes, and all the quotes it appeared in, I would have to write code to ... You're right about my 97 app. ... So by orphaned data, do you mean to make sure I use the options to ... I have 65 tables in my back-end database, and with Access 97, if you ...
    (comp.databases.ms-access)