php automatically escaping single quotes

flash gordon · November 23, 2009

I'm trying to test out my security a bit and I've noticed that php is escaping my single quotes. For instance I enter x' OR 1=1-- in a form and the output it gives me is x\' OR 1=1--.

Is there a setting in php or apache that automatically escapes single quotes?

cheers.

Mchl · November 23, 2009

http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc

flash gordon · November 23, 2009

thank you.

And even though this is deprecated, it's a good thing that the single quotes are automatically escaped? What's the replacement to the deprecated property?

Mchl · November 23, 2009

You should not rely on this function (as stated in manual). It's better to turn it off all together (if possible)

You should instead escape your data just before putting it into your database queries. Use specialised functions for that, like mysql_real_escape_string for ext\mysql

flash gordon · November 23, 2009

alrighty. thank you much for the help.

cheers

[RESOLVED]

Sign In

php automatically escaping single quotes

Recommended Posts

flash gordon

Link to comment

Share on other sites

Mchl

Link to comment

Share on other sites

flash gordon

Link to comment

Share on other sites

Mchl

Link to comment

Share on other sites

flash gordon

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information