[TriLUG] PHP strange code question
David McDowell
turnpike420 at gmail.com
Mon Jan 10 10:49:43 EST 2005
I have turned magic_quotes_gpc = Off and magic_quotes_sybase = On in
my /usr/local/lib/php/php.ini file. PHP claims my config path is
/usr/local/lib and I don't have any other php.ini files. Yet, when I
run phpinfo(); in a web page, those values are not updated... gpc = On
and sybase = Off still. Why wouldn't they change? Also, you'd think
our application would "break" until we recode it to match this
change... the app is still fine as well. So it would appear php.ini
is updated but isn't?? (yup, I even restarted httpd for the heck of
it)
thanks,
David
On Fri, 7 Jan 2005 17:31:36 -0500, Joseph Tate <dragonstrider at gmail.com> wrote:
> On Fri, 7 Jan 2005 16:10:04 -0500, David McDowell <turnpike420 at gmail.com> wrote:
> > This does not seem to work or meet our needs (escaping the apostrophe):
> > $Event = addslashes($_POST['event']);
> >
> > I hope I have given enough information for parsing. Anything you see
> > you can throw my way would be much appreciated.
> >
>
> There are usually two solutions to the problem you're describing. The
> first is to turn magic-quotes on in your php.ini file. Then no
> special quoting is necessary for DB inserts, but you may need them at
> other points in time i.e. instead of adding quotes everywhere you
> insert into the database, you'll need them when you are not inserting
> into a database (i.e. writing to a file).
>
> If you make that change, make sure you test all your other PHP code
> for breakage. If magic_quotes_gpc is already on, you may need to
> change the quoting type. Look in the ini file for the word sybase.
> That should help you figure out which type of quoting you need.
>
> The second option is to use the DB specific escape_string function
> like mysql_escape_string. Unfortunately I don't see one for mssql.
> You are probably trying to use addslashes when magic_quotes are on,
> which ends up escaping the escapes, so instead of \' going into the
> SQL query, you'll have \\\'.
>
> --
> Joseph Tate
> Personal e-mail: jtate AT dragonstrider DOT com
> Web: http://www.dragonstrider.com
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
>
More information about the TriLUG
mailing list