Boo-urns Posted March 6, 2009 Share Posted March 6, 2009 I have my data running through mysqli_real_escape_string before I send it to the database. However I notice when I look at the data in the database it appears to not be escaped. Does the mysqli class automatically escape data? As, I don't think my data is being escaped (when i set it up w/o the real_escape_string) but when I echo out the query it is. Does this version of PhpMyAdmin 2.11.9.4 display data with stripslashes? Thanks! Link to comment https://forums.phpfreaks.com/topic/148240-solved-data-not-being-escaped-mysqli-phpmyadmin/ Share on other sites More sharing options...
WolfRage Posted March 8, 2009 Share Posted March 8, 2009 gpc_magic_qoutes is probably turned on, plus you can help protect yourself from attack by using htmlentities() which will convert all symbols to html equivalents. Link to comment https://forums.phpfreaks.com/topic/148240-solved-data-not-being-escaped-mysqli-phpmyadmin/#findComment-779513 Share on other sites More sharing options...
RussellReal Posted March 8, 2009 Share Posted March 8, 2009 basically escaping the data is to get it successfully to the database if inside your string somewhere you have a ' it will kill the query thats why it turns ' into \', but when it reaches the database it will have been escaped in the query, therefore it will show up correct in the database, you most likely as wolf states gave magic quotes on, so, you'd want to stripslahes Link to comment https://forums.phpfreaks.com/topic/148240-solved-data-not-being-escaped-mysqli-phpmyadmin/#findComment-779516 Share on other sites More sharing options...
PFMaBiSmAd Posted March 8, 2009 Share Posted March 8, 2009 The escape characters \ are NOT inserted into the database. They are only present in the query string to indicate which special characters are to be treated as data and which are to be treated as part of the query syntax. Link to comment https://forums.phpfreaks.com/topic/148240-solved-data-not-being-escaped-mysqli-phpmyadmin/#findComment-779569 Share on other sites More sharing options...
RussellReal Posted March 8, 2009 Share Posted March 8, 2009 The escape characters \ are NOT inserted into the database. They are only present in the query string to indicate which special characters are to be treated as data and which are to be treated as part of the query syntax. ^^ yeah basically what I said, but probably more understandable lol Link to comment https://forums.phpfreaks.com/topic/148240-solved-data-not-being-escaped-mysqli-phpmyadmin/#findComment-779881 Share on other sites More sharing options...
Mchl Posted March 8, 2009 Share Posted March 8, 2009 Well... with magic_quotes on the values would be escaped twice, and thus the slashes would actually be stored in database Link to comment https://forums.phpfreaks.com/topic/148240-solved-data-not-being-escaped-mysqli-phpmyadmin/#findComment-779885 Share on other sites More sharing options...
Boo-urns Posted March 9, 2009 Author Share Posted March 9, 2009 hmm interesting. So is it best to have magic quotes off? It does look like it is on. Link to comment https://forums.phpfreaks.com/topic/148240-solved-data-not-being-escaped-mysqli-phpmyadmin/#findComment-780300 Share on other sites More sharing options...
Mchl Posted March 9, 2009 Share Posted March 9, 2009 Yes it is. magic_quotes was a failed attempt to make scripts created by unexperiened coders more secure. magic_quotes is deprecated in PHP5 and will be removed completely in PHP6 http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc Link to comment https://forums.phpfreaks.com/topic/148240-solved-data-not-being-escaped-mysqli-phpmyadmin/#findComment-780304 Share on other sites More sharing options...
Boo-urns Posted March 9, 2009 Author Share Posted March 9, 2009 Alrighty, I didn't rely on it anyway. Thanks for the info! Link to comment https://forums.phpfreaks.com/topic/148240-solved-data-not-being-escaped-mysqli-phpmyadmin/#findComment-780338 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.