[nycphp-talk] Is there something wrong with this SQL query in PHP?
Anthony Wlodarski
aw at sap8.com
Wed Aug 15 09:06:39 EDT 2007

So I was doing some reading on magic quotes and wrote a simple check to see
whether they are on or not. On our box magic quotes are disabled (which is
the way I would prefer it; I would rather manually add my own slashes to
sequences that need them), but my shared hosting has magic quotes enabled.
Now, I know the admin of the shared hosting is not going to turn off magic
quotes, because not everyone who uses the service is a diligent programmer.

So let us say magic quotes are on and I have a string like so:

    $str = "You're didn't dood it.";

So if that is passed to a different script in, say, a $_POST['str']
variable, would the string then look like "You\'re didn\'t dood it."? Now,
even if magic quotes are enabled and I use
mysql_real_escape_str($_POST['str']), would the string then look like
"You\\\'re didn\\\'t dood it."? I am just trying to find a safe practice for
every time I have to use a SQL query.

Anthony Wlodarski
Senior Technical Recruiter
Shulman Fleming & Partners
646-285-0500 x230
aw at sap8.com
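
The two strings asked about in the message above, reproduced as an added example that is not part of the original post: it shows escaping applied on top of magic-quoted input, then the usual defensive pattern of undoing magic quotes once at the input boundary and passing the value as a bound parameter. Assumptions: the helper names are hypothetical, addslashes() stands in for what magic_quotes_gpc did to request data, mysql_escape_standin() approximates mysql_real_escape_string() without a connection or charset handling, and PDO with in-memory SQLite is used only so the script runs without a server.

```php
<?php
// Added example; every function name here is a hypothetical helper.

// Stand-in for magic_quotes_gpc: it ran addslashes() on GET/POST/COOKIE data.
function simulate_magic_quotes(string $raw): string {
    return addslashes($raw);
}

// Stand-in for MySQL string escaping (assumption: the character set the PHP
// manual lists for mysql_real_escape_string; no connection, no charset logic).
function mysql_escape_standin(string $s): string {
    return strtr($s, [
        "\\" => "\\\\", "'" => "\\'", '"' => '\\"',
        "\0" => "\\0", "\n" => "\\n", "\r" => "\\r", "\x1a" => "\\Z",
    ]);
}

// Undo magic quotes exactly once, and only when they were actually applied.
// On PHP versions that had the setting, get_magic_quotes_gpc() supplied the flag.
function normalize_input(string $value, bool $magicQuotesOn): string {
    return $magicQuotesOn ? stripslashes($value) : $value;
}

$original = "You're didn't dood it.";
$post     = simulate_magic_quotes($original);  // what $_POST['str'] would hold
$double   = mysql_escape_standin($post);       // escaping on top of magic quotes

echo "magic-quoted:   $post\n";
echo "escaped again:  $double\n";

// Bound parameters store the value byte for byte, so no manual escaping is
// needed, but input that is still magic-quoted keeps its stray backslashes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (label TEXT, body TEXT)');
$ins = $db->prepare('INSERT INTO notes (label, body) VALUES (?, ?)');
$ins->execute(['not normalized', $post]);
$ins->execute(['normalized', normalize_input($post, true)]);

foreach ($db->query('SELECT label, body FROM notes') as $row) {
    $ok = $row['body'] === $original ? 'matches original' : 'corrupted';
    echo "{$row['label']}: {$row['body']} ($ok)\n";
}
```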