[ale] [OT] .php logic problem
George Carless
kafka at antichri.st
Thu Aug 7 14:16:13 EDT 2003
> I have spent a lot of time on a weird php problem.
> I am trying to make sure that the ' character is always escaped in my
> database.
>
> * I do not have the ability to configure the server.
> * I do not know or care to know if magic_quotes_gpc is ON
You should know and care to know, since this is important. And you can
often set php server variables within your PHP code, even if you do not
have access to the php.ini
> 2. If I stripslashes and addslashes like this:
> $description = stripslashes($description);
> $description = addslashes($description);
> this results in ' (no slashes) (why?)
I'm not sure why - seeing more context would be useful. But why would you
want to stripslashes and then addslashes right after?
> 3. If I try getting fancy, I get lost like this:
> $description = stripslashes($description);
> $description = ereg_replace("'", "3edc1", $description);
> $description = ereg_replace("3edc1", "'", $description);
> $description = addslashes($description);
> this still results in ' (no slashes)
This is some bizarre code - what on earth are you doing all of that for?
>
> 4. My goal is to always end up with \' in the database after I update
> How do I do that?
This point suggests to me that you misunderstand the purpose of
addslashes. You should *not* wind up with \' in your database, and it's
not desirable to do so. All addslashes does is prevents ' from closing
the quoted string that's being passed to the database - i.e. without
addslashes, inserting with "This is George's code" would lead the dbms to
think that your quote ended at "George", leading to problems - addslashes
avoids this problem. But you shouldn't wind up with "George\'s code"
within the database.
--George
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list