RE: [PHP] str_replace oddity



No, turn Magic Quotes off :)

Best regards,
Peter Lauri

www.dwsasia.com - company web site
www.lauri.se - personal web site
www.carbonfree.org.uk - become Carbon Free

-----Original Message-----
From: heavyccasey@xxxxxxxxx [mailto:heavyccasey@xxxxxxxxx]
Sent: Sunday, September 23, 2007 3:10 AM
To: Jim Lucas
Cc: Kevin Waterson; php-general@xxxxxxxxxxxxx
Subject: Re: [PHP] str_replace oddity

So replace ' \" ' instead of ' " '.

On 9/22/07, Jim Lucas <lists@xxxxxxxxx> wrote:
Kevin Waterson wrote:
I am using str_replace to strip double quotes.

$string = 'This string has "quotes" in it';

$string = str_replace('"', '', $string);

this seems to work, yet when I put the $string into mysql,
it uses backslashes to escape where the quotes were. The
double-quotes are gone, yet it still escapes the 'ghost'
where they were.

I even tried
str_replace(array("\x8c", "\x9c", "'", '"'), '', $string)
but the ghost remains and mysql continues to escape them.

I checked the charsets, and the db is Latin-1 and the string is ISO-8859-1

Any thoughts on this would be most graciously accepted.
Kind regards
kevin


is $string honestly something that you are getting via a form submit?

if so, your system might have magic quotes enabled.

This would automatically escape quotes with the attempt to make the
values safer, and then you go and run your str_replace command and
remove the double quotes, you end up leaving the '\' that the system
automatically put in the value for you.

read up on magic quote gpc

hope this helps.

Jim

--
Jim Lucas


"Perseverance is not a long race;
it is many short races one after the other"

Walter Elliot



"Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them."

Twelfth Night, Act II, Scene V
by William Shakespeare

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
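
The effect discussed in this thread, as an added example that is not code from any of the posters. magic_quotes_gpc was removed in PHP 5.4, so addslashes() stands in for it here; the function names, the sample input and the in-memory SQLite table (used instead of MySQL so the script runs offline) are assumptions. The bound-parameter insert at the end goes one step beyond the thread and shows the database layer doing the quoting once magic quotes are out of the picture.

```php
<?php
// Added illustration. addslashes() reproduces what magic_quotes_gpc did to
// every GET/POST/COOKIE value before the script saw it.
function simulate_magic_quotes(string $raw): string
{
    return addslashes($raw);
}

// The approach from the original post: strip the quotes from the value as
// received. The backslashes that were added in front of them stay behind.
function strip_quotes_naive(string $received): string
{
    return str_replace('"', '', $received);
}

// Undo the automatic escaping first, then strip the quotes.
function strip_quotes_fixed(string $received, bool $magicQuotesOn): string
{
    $value = $magicQuotesOn ? stripslashes($received) : $received;
    return str_replace('"', '', $value);
}

$submitted = 'This string has "quotes" in it';  // constructed form input
$received  = simulate_magic_quotes($submitted); // what the script would see

echo 'received: ', $received, PHP_EOL;
echo 'naive:    ', strip_quotes_naive($received), PHP_EOL;
echo 'fixed:    ', strip_quotes_fixed($received, true), PHP_EOL;

// With the value clean, pass it as a bound parameter so the driver handles
// quoting and no manual escaping reaches the stored data.
$db = new PDO('sqlite::memory:'); // assumption: SQLite stands in for MySQL
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (body TEXT)');

$stmt = $db->prepare('INSERT INTO notes (body) VALUES (:body)');
$stmt->execute([':body' => strip_quotes_fixed($received, true)]);

echo 'stored:   ', $db->query('SELECT body FROM notes')->fetchColumn(), PHP_EOL;
```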


