shadowayex Posted October 5, 2009 Share Posted October 5, 2009 I'm creating a nice communication system that includes the use of mysql_real_escape_string(). I use stringslashes() to get rid of the slashes that are put into the database when it is pulled back out, but stripslahes actually takes out backslashes the user types. I would like to keep those particular ones. I've tried using regular expreessions to get around this, but I can seem to find a pattern to get around this. Anyone have any ideas? They don't have to be with the use of regular expressions. Anything would help. Link to comment Share on other sites More sharing options...
justsomeguy Posted October 5, 2009 Share Posted October 5, 2009 You should be stripping the slashes before you put the data in. Using mysql_real_escape_string shouldn't add any slashes to your actual data, it only makes it so that the query works correctly. If you have slashes in the data that means they were there before you used mysql_real_escape_string, so you should remove them at that point. When you get form data you should check if magic quotes is enabled and strip the slashes if so, magic quotes will automatically add slashes to the form data. e.g.: $var = $_POST['var'];if (magic_quotes_gpc()) $var = stripslashes($var); Link to comment Share on other sites More sharing options...
shadowayex Posted October 5, 2009 Author Share Posted October 5, 2009 Oh, so it's something completely different making the slashes. I thought it was myslq_real_escape_string() doing it. I'm going to test you solution and hope it works. It makes sense. I'll return with the results. Link to comment Share on other sites More sharing options...
shadowayex Posted October 5, 2009 Author Share Posted October 5, 2009 When I try the if statement, I get an error "undefined function magic_quotes_gpc()." So, I don't think that's it. Link to comment Share on other sites More sharing options...
justsomeguy Posted October 5, 2009 Share Posted October 5, 2009 Sorry, it's get_magic_quotes_gpc.http://www.php.net/manual/en/function.get-...-quotes-gpc.php Link to comment Share on other sites More sharing options...
shadowayex Posted October 5, 2009 Author Share Posted October 5, 2009 Ok, so now it works. So I should just do this before each time I put something in a database, right? Link to comment Share on other sites More sharing options...
justsomeguy Posted October 5, 2009 Share Posted October 5, 2009 Yeah, anything you get from post, get, or cookies might have slashes added. That's what magic quotes does. Link to comment Share on other sites More sharing options...
Synook Posted October 5, 2009 Share Posted October 5, 2009 You can also just disable magic_quotes using .htaccess so you don't have to worry about it at all - http://www.php.net/manual/en/security.magi...s.disabling.php Link to comment Share on other sites More sharing options...
shadowayex Posted October 5, 2009 Author Share Posted October 5, 2009 Is there any reason I would ever need magic quotes?Edit: I think I answered my own question. In the case that I would ever need to escape data, I could just use addslashes(), right?Edit 2: With the use of .htaccess, is there a particular place I need to put this file? I have it in my site's directory, is that fine? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.