Question regarding to addslashes().

[bbmak]

PHP version 5.2

MySQL ver. 5.1

 

Isn't the new php and mysql will automatic put \ in front of a " when inserting into mysql?

because I try to ignore addslashes in to my script. it will automatic put a \ in front.

However, if I put addslahes(), it will put  \\\" like that.

[jazzman1]

Could you post out a piece of code?

[gizmola]

There is nothing automatic about slashes in php other than the magic_quotes_gpc which has been deprecated for a long time.  Furthermore, the mysql api is deprecated for mysqli and when using that api you should use named parameters which means you don't need to escape characters.  Last but not least, even if you are not using mysqli (or pdo which is an alternative with similar advantages) you should be using mysql_real_escape_string rather than addslashes.

[jcbones]

You need to make sure you disable magic_quotes_gpc.

 

You cannot disable it at runtime, you can only strip the slashes that it applies, so if you have server access, then disable it.  This function has been depreciated in PHP5.3 and removed in PHP5.4.

 

runtime fix *FROM MANUAL

<?php
if (get_magic_quotes_gpc()) {
    $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
    while (list($key, $val) = each($process)) {
        foreach ($val as $k => $v) {
            unset($process[$key][$k]);
            if (is_array($v)) {
                $process[$key][stripslashes($k)] = $v;
                $process[] = &$process[$key][stripslashes($k)];
            } else {
                $process[$key][stripslashes($k)] = stripslashes($v);
            }
        }
    }
    unset($process);
}
?>