Jump to content

_magic_

RON_ron

By RON_ron
in PHP Coding Help

 Share

Recommended Posts

RON_ron Advanced Member

RON_ron

Posted
Posted

if( get_magic_quotes_gpc() ) {

$subjects = mysql_real_escape_string(stripslashes($_POST['subjects']));

$codeA = mysql_real_escape_string(stripslashes($_POST['codeA']));

} else {

$subjects = mysql_real_escape_string($_POST['subjects']);

$codeA = mysql_real_escape_string($_POST['codeA']);

}

 

I'm using the above to maintain the new paragraphs (when the user hits the Enter key). But unfortunately the back slashes are still appearing... Could someone help me here?

Link to comment
https://forums.phpfreaks.com/topic/267999-_magic_/
Share on other sites
ignace Advanced Member

ignace

Posted
Posted

mysql_real_escape_string will add slashes for any character's (' and ") which could break your SQL. That said relying on mysql_* functions should be avoided and you should use the mysqli_* functions instead or PDO.

 

http://php.net/mysqli-real-escape-string

Link to comment
https://forums.phpfreaks.com/topic/267999-_magic_/#findComment-1375198
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

For us to be able to help you with any programming problem you are having, you must supply the all the relevant code and sample data needed to reproduce the problem. There's at least 6 different things I can think of that could cause the symptom.

Link to comment
https://forums.phpfreaks.com/topic/267999-_magic_/#findComment-1375211
Share on other sites
RON_ron Advanced Member

RON_ron

Posted
  • Author
Posted

Thanks. This is the full code.

 

if( get_magic_quotes_gpc() ) {

$subjects = mysql_real_escape_string(stripslashes($_POST['subjects']));

$codeA = mysql_real_escape_string(stripslashes($_POST['codeA']));

} else {

$subjects = mysql_real_escape_string($_POST['subjects']);

$codeA = mysql_real_escape_string($_POST['codeA']);

}

$update = sprintf("INSERT INTO newdb (subject, code) VALUES ('%s', '%s')", mysql_real_escape_string($subjects), mysql_real_escape_string($codeA));

$result = mysql_query($update);

Link to comment
https://forums.phpfreaks.com/topic/267999-_magic_/#findComment-1375218
Share on other sites
ignace Advanced Member

ignace

Posted
Posted

That's how it should be done:

 

if (get_magic_quotes_gpc()) {
    $_POST['subjects'] = stripslashes($_POST['subjects']);
    $_POST['codeA'] = stripslashes($_POST['codeA']);
}
$update = sprintf("INSERT INTO newdb (subject, code) VALUES ('%s', '%s')", mysql_real_escape_string($_POST['subjects']), mysql_real_escape_string($_POST['codeA']));
$result = mysql_query($update);

Link to comment
https://forums.phpfreaks.com/topic/267999-_magic_/#findComment-1375235
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.