Hello All,

I have a weird problem with addslashes. Please review the code below.

    function handleAddSlashes($string)
    {
        if (get_magic_quotes_gpc() == 1)
        {
            return $string;
        }
        else
        {
            return $string = addslashes($string);
        }
    }

Currently "get_magic_quotes_gpc" is "on" on my server.

When I tried to insert any value using this function, it works well.

i.e.

    $value = "Don't";
    $test = handleAddSlashes($value);

And INSERT this value into the DB by using an INSERT query.

Up to here there is no problem.

Now I want to read this value from DB and want to insert this value in another table.

So "SELECT * FROM table1;"

$value = fetch_value from DB.

Now inserting this value into the DB again by using the same function above.

    $value = "Don't";  // now this value is coming from DB.
    $test = handleAddSlashes($value);

And INSERT this value into the DB by using an INSERT query.

But it says the query failed. Even if I insert this value without using this function, it still gives the error.

Please let me know how I can resolve this issue.

Thanks in advance.

Link to comment
https://forums.phpfreaks.com/topic/182604-addshashes-problem/

Because magic_quotes_gpc is ON, your function does not escape the data. Therefore, any data that did not come from a post/get/cookie will not be escaped at all and any special sql characters in it, such as a ', will break the sql syntax and prevent a query from working.

Your function needs to be rewritten anyway, because you should actually use stripslashes() to remove any escaping if magic_quotes_gpc is on, then unconditionally use mysql_real_escape_string() on any string data put into a query. Your function should also only be used on any post/get/cookie data put into a query. You should directly use mysql_real_escape_string() on any other string data put into any query.

Link to comment
https://forums.phpfreaks.com/topic/182604-addshashes-problem/#findComment-963768
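The rule from the reply above (undo magic-quotes escaping once on request data, then protect every string at the point it enters a query, whatever its source), as an added example that is not part of the original thread. It goes one step beyond the reply by using PDO bound parameters in place of mysql_real_escape_string(); clean_request_value(), insert_value() and the in-memory SQLite tables are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. Helper and table names are hypothetical.
// Assumes PHP with the pdo_sqlite extension; SQLite in memory stands in for MySQL.

// Input boundary: undo magic-quotes escaping once, only for GET/POST/COOKIE data.
// get_magic_quotes_gpc() no longer exists in PHP 8, hence the function_exists() guard.
function clean_request_value(string $raw, ?bool $magicQuotes = null): string
{
    if ($magicQuotes === null) {
        $magicQuotes = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
    }
    return $magicQuotes ? stripslashes($raw) : $raw;
}

// Query boundary: every string is bound as a parameter, whatever its origin,
// so a quote in the data can never change the SQL syntax.
function insert_value(PDO $db, string $table, string $value): void
{
    // Table names cannot be bound, so only fixed, known names are accepted.
    if (!in_array($table, ['table1', 'table2'], true)) {
        throw new InvalidArgumentException("unknown table: $table");
    }
    $stmt = $db->prepare("INSERT INTO $table (val) VALUES (:val)");
    $stmt->execute([':val' => $value]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE table1 (val TEXT)');
$db->exec('CREATE TABLE table2 (val TEXT)');

// Constructed sample: what $_POST would hold for "Don't" with magic_quotes_gpc on.
$posted = "Don\\'t";

// First insert: request data is cleaned, then bound.
insert_value($db, 'table1', clean_request_value($posted, true));

// Second insert: the value now comes from the database, so there is nothing to
// strip, but it still contains a quote and is bound exactly the same way.
$fromDb = $db->query('SELECT val FROM table1')->fetchColumn();
insert_value($db, 'table2', $fromDb);

$copied = $db->query('SELECT val FROM table2')->fetchColumn();
var_dump($fromDb === "Don't", $copied === "Don't");
```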

Thanks for all your help.

Now I got the point.

So the first time, when I was inserting the value, it was coming from POST.

I used that "handleAddSlashes" function to escape that single quote.

As my get_magic_quotes_gpc() is on, there was no problem inserting into the DB.

Now I was retrieving the value from the DB, and using the same function to escape that single quote.

As the get_magic_quotes_gpc() function works only for GET/POST/COOKIE, it was not escaping the value coming from the DB.

Therefore I need to do addslashes again on the value coming from the DB to insert it into another table.

So now this problem is fixed :)

Thanks,

Link to comment
https://forums.phpfreaks.com/topic/182604-addshashes-problem/#findComment-964187