
About special characters and filter with non variables


cherri8


\' single quote
\" double quote
\\ backslash
\n new line
\r carriage return
\t tab
\b backspace
\f form feed

Hi, I'm really confused about what these terms mean and where and how to use them. So far I know that they have to be used in strings and in echo. I already know about the single quote and double quote. Please provide examples to explain them in simple terms. I searched on many tutorial sites but nothing helps ;(.

I'm also really confused about something with the filtering. When I filter my variables like email and connect variables, do I have to filter the stuff where these variables go? I'll put examples:

$my_servername
$my_username
$my_password
$my_database

I have filtered these variables that are used to connect to the server with mysql_real_escape_string,

filter_var($my_servername, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);

- I use this hoping it takes away everything except numbers and letters,

(preg_match('/[^a-zA-Z0-9]/i', $my_password))!==TRUE

I don't have a problem with these variables, but it is with these "non variables", because I'm wondering if I have to filter them since I already filtered their variables on top:

$con = mysql_connect($my_servername,$my_username,$my_password);
$createdatabase = mysql_query("CREATE DATABASE $my_db",$con);
$getdata = mysql_select_db($my_db, $con);

Do I have to filter these also even though the variables going inside them are already filtered? Tutorials on the net talk as if everything needs to be filtered. For example, if I need to filter a whole table with the variables already inside that were filtered already? I hope I make sense, I'm really confusing myself lol. I've been staying up until 5 in the morning a lot just to be a good developer in a short time lol. Thanks:

CREATE TABLE Persons ()
INSERT INTO table_name (column1, column2, column3,...) VALUES (value1, value2, value3,...)
SELECT column_name(s) FROM table_name

and others similar to these three that take in variables.


\' single quote
\" double quote
\\ backslash
\n new line
\r carriage return
\t tab
\b backspace
\f form feed

Double quotes can evaluate the value of \n or \r, whereas a single quote will print its literal value. If you echo \n or \r in double quotes you will not see any difference, though those characters still exist. "some text \n next paragraph" will print as "some text next paragraph", because \n or \r does not have any significance in the browser's HTML context. But if you use it in a JavaScript context you will see the difference. If you echo the same line as

"<script type='text/javascript'>alert(some text \n next paragraph);</script>"

you will see a new line break in the alert box. \n or \r have significance other than that, in email servers etc. If you use mail() you will notice that you need to break the lines with \n or \r\n for email servers.

Now about quote escaping. When will you use that?

echo "she said "something" to me";

It will be difficult for PHP to interpret which are the strings: "she said" or "something" or "to me"... PHP does not know which double quotes are intended for the literal value. So let PHP know which is for the literal value. Escape it!

echo "she said \"something\" to me";

Same with single quotes. The backslash is itself the escape character, so it is obvious that if you want to print the backslash itself you have to make it known to PHP. Thus you escape it to print the backslashes.

http://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.single <= this is the complete reference with a lot of examples.

\t is a group of 8 spaces AFAIK. \b and \f are not much used in the web context; you can google them though. But the escaping principle is the same.

http://en.wikipedia.org/wiki/%5Cf#Form_feed
http://en.wikipedia.org/wiki/%5Cb
http://en.wikipedia.org/wiki/%5Ct

You MUST filter/sanitize the user inputs or the inputs which come from outside, e.g. POST, GET, COOKIE, some headers. But you don't need to filter those which you will hardcode yourself, like database credentials.
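The rule in the reply above (hard-coded values are trusted, anything from outside is not), as an added example that is not code from the thread or its posters. It assumes the pdo_sqlite extension and uses an in-memory SQLite database as a stand-in for the MySQL server so it runs offline; safeIdentifier() and the sample input are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// an in-memory SQLite database stands in for the MySQL server.

// Hard-coded by the developer: trusted, so no filtering is applied to it.
$dsn = 'sqlite::memory:';
$pdo = new PDO($dsn);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Identifiers (table or database names) cannot be bound as parameters.
// If one ever comes from outside, accept only a strict pattern.
// safeIdentifier() is a hypothetical helper written for this example.
function safeIdentifier(string $name): string
{
    if (!preg_match('/\A[A-Za-z_][A-Za-z0-9_]{0,63}\z/', $name)) {
        throw new InvalidArgumentException("bad identifier: $name");
    }
    return $name;
}

$table = safeIdentifier('Persons');
$pdo->exec("CREATE TABLE $table (id INTEGER PRIMARY KEY, name TEXT, email TEXT)");

// Constructed sample of outside input (what $_POST might hold).
$input = [
    'name'  => "O'Brien",          // contains a quote character
    'email' => 'obrien@example.com',
];

// Validate for meaning (is this an e-mail address?) ...
$email = filter_var($input['email'], FILTER_VALIDATE_EMAIL);
if ($email === false) {
    throw new InvalidArgumentException('invalid e-mail address');
}

// ... and bind values as parameters, so quotes inside them stay data
// and never become part of the SQL text.
$stmt = $pdo->prepare("INSERT INTO $table (name, email) VALUES (:name, :email)");
$stmt->execute([':name' => $input['name'], ':email' => $email]);

// The name comes back exactly as it was submitted.
$rows = $pdo->query("SELECT name, email FROM $table")->fetchAll(PDO::FETCH_ASSOC);
var_dump($rows[0]['name'] === $input['name']);
echo count($rows), " row(s) in $table\n";
```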

Thanks both of you!!! I'm relieved that I don't have to filter the other stuff. I was losing my mind before, which made it hard to enjoy PHP. I had even forgotten some things I learned just because I never got to practice them because of the filter problem I had.

birbal: thank you so much, your examples help me a lot. Some of those characters are very similar to each other, like newline and carriage return. I'll just use all characters except form feed and backspace.


Archived

This topic is now archived and is closed to further replies.
