NathanLedet Posted July 29, 2008

Very simple form to put data into a database...

    $firstname = mysql_real_escape_string($_POST['firstname']);

If I put in firstname as something like tes't, it outputs tes\\\'t ???

d.shankar Posted July 29, 2008

That's what the function does. It escapes single quotes to backslashes to avoid SQL injection attacks. What are you trying to achieve?

NathanLedet Posted July 29, 2008

I'm just trying to secure the form to prevent injection attacks. I thought it was supposed to add only 1 slash. Is it because of magic quotes?

d.shankar Posted July 29, 2008

Yes, turn it off!

NathanLedet Posted July 29, 2008

I found this function and it works well:

    $dbh = mysql_connect("localhost", "user", "pass") or die(mysql_error());

    function escape_data($data) {
        global $dbh;
        // Undo the slashes magic_quotes_gpc already added, so the value is escaped only once
        if (ini_get('magic_quotes_gpc')) {
            $data = stripslashes($data);
        }
        // Trim whitespace, then escape for use inside a quoted SQL string
        return mysql_real_escape_string(trim($data), $dbh);
    }

    $firstname = escape_data($_POST['firstname']);

Now... is it considered bad practice to put data into a database with \' or \" ? I would say yes, because now I have to use stripslashes($firstname) whenever I'm pulling it out just so it looks right... but how do I put $firstname into the database and ensure its safety?

PFMaBiSmAd Posted July 29, 2008

The escape characters \ in a query are not inserted into the database. However, if you are getting \ in data after it has been retrieved from a database, it is because of the magic_quotes_runtime setting, which should be turned off as well.
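
Added example (not part of any post in this thread): a connection-free PHP model of the escaping chain discussed above, showing how magic_quotes_gpc followed by mysql_real_escape_string produces the tes\\\'t from the first post, and what each variant leaves in the column. model_real_escape() and model_stored_value() are hypothetical stand-ins written for this illustration, and addslashes() stands in for magic_quotes_gpc.

```php
<?php
// Hypothetical stand-in for mysql_real_escape_string(): escapes the characters
// the PHP manual lists for it (NUL, \n, \r, \, ', " and Ctrl-Z).
// The real function needs a live connection; this model does not.
function model_real_escape(string $s): string {
    return strtr($s, [
        "\\" => "\\\\", "'" => "\\'", '"' => '\\"',
        "\0" => "\\0", "\n" => "\\n", "\r" => "\\r", "\x1a" => "\\Z",
    ]);
}

// Hypothetical model of how the server reads escaped text inside a quoted
// string literal: backslash plus one character collapses to one character.
// Only the sequences emitted by model_real_escape() are handled.
function model_stored_value(string $escaped): string {
    return preg_replace_callback('/\\\\(.)/s', function ($m) {
        $map = ['0' => "\0", 'n' => "\n", 'r' => "\r", 'Z' => "\x1a"];
        return $map[$m[1]] ?? $m[1];
    }, $escaped);
}

// Constructed sample input: what the user typed into the form.
$typed = "tes't";

// The PHP manual describes magic_quotes_gpc as identical to addslashes(),
// so this is what $_POST['firstname'] held with the setting on.
$post_value = addslashes($typed);

// Case 1: code from the first post, escaping the already-slashed value.
$double = model_real_escape($post_value);

// Case 2: escape_data() from the thread, stripslashes() first, then escape once.
$single = model_real_escape(stripslashes($post_value));

foreach (['escape only' => $double, 'stripslashes, then escape' => $single] as $label => $in_query) {
    $stored = model_stored_value($in_query);
    printf("%-26s in query: %-10s stored: %-8s round-trips: %s\n",
        $label, $in_query, $stored, $stored === $typed ? 'yes' : 'no');
}
```

In the second case the backslash exists only in the query text and the stored value equals what was typed, so nothing needs stripslashes() on the way out. In the first case a literal backslash ends up stored.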