SitePoint Sponsor |
|
User Tag List
Results 1 to 8 of 8
-
May 6, 2009, 23:45 #1
- Join Date
- Nov 2008
- Posts
- 29
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
slashes going inside database values
Hello
My server has magic_quotes on and my code had add_slashes which I have removed. Now values get added in database properly. But there is a small problem. When filling up the form, if javascript is disabled and there is an error validating the form inputs(i.e. if any input is empty or wrong), any form input having the ' or " become /' or /" and remains as it is. Now when the form is finally submitted it goes with the /' or /" instead of simply ' or " and gets stored in the database in the same way which is what I don't want. What is it that I am doing wrong or missing??
-
May 6, 2009, 23:52 #2
- Join Date
- Aug 2000
- Location
- Philadephia, PA
- Posts
- 20,578
- Mentioned
- 1 Post(s)
- Tagged
- 0 Thread(s)
Easy solution. Disable magic_quotes and properly escape (mysql_real_escape_string) the input yourself before putting it into a query.
Try Improvely, your online marketing dashboard.
→ Conversion tracking, click fraud detection, A/B testing and more
-
May 7, 2009, 00:59 #3
- Join Date
- Nov 2008
- Posts
- 29
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
I have done that. But disabling magic_quotes gives me an error in another form on my site. Also I do not have access to change the setitngs. Isn't there a way to correct this problem keeping magic_quotes on??
Thnks
-
May 7, 2009, 02:34 #4
- Join Date
- Sep 2006
- Location
- Nottingham, UK
- Posts
- 3,133
- Mentioned
- 1 Post(s)
- Tagged
- 0 Thread(s)
Run this code on the pages you want to 'disable' magic quotes, while keeping it on for the site/server as a whole:
PHP Code:if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
$_GET = array_map('stripslashes', $_GET);
$_POST = array_map('stripslashes', $_POST);
$_COOKIE = array_map('stripslashes', $_COOKIE);
}//if
-
May 20, 2009, 04:39 #5
- Join Date
- Nov 2008
- Posts
- 29
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Isn't there a better way, I mean calling the init.php with the if function on all pages?? For 15-20 pages it is fine but when you have code running in hundreds of pages it is not feasible.
Thnks
-
May 20, 2009, 04:46 #6
- Join Date
- Oct 2006
- Location
- Kathmandu, Nepal
- Posts
- 4,013
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Create a page or place the code in the database connection page/file which you include all the times but should be included on top of the page.
Mistakes are proof that you are trying.....
------------------------------------------------------------------------
PSD to HTML - SlicingArt.com | Personal Blog | ZCE - PHP 5
-
May 20, 2009, 04:50 #7
- Join Date
- Apr 2008
- Location
- North-East, UK.
- Posts
- 6,111
- Mentioned
- 3 Post(s)
- Tagged
- 0 Thread(s)
@AnthonySterling: I'm a PHP developer, a consultant for oopnorth.com and the organiser of @phpne, a PHP User Group covering the North-East of England.
-
May 20, 2009, 05:25 #8
- Join Date
- Sep 2006
- Location
- Nottingham, UK
- Posts
- 3,133
- Mentioned
- 1 Post(s)
- Tagged
- 0 Thread(s)
The majority of web applications will have this kind of init / bootstrap file, so it shouldn't be a problem just inserting it in there. If not, you can also automatically include files at the top of every script with php_auto_prepend_file or something, a setting in httpd.conf/.htaccess
Bookmarks