[nycphp-talk] Is there something wrong with this SQL query in PHP?

Anthony Wlodarski aw at sap8.com
Wed Aug 15 09:06:39 EDT 2007


So I was doing some reading on magic quotes and wrote a simple check to see
if it is on or not.  On our box magic quotes are disabled (which is the way
I would prefer it; I would rather manually add my own slashes to sequences
that need it) but my shared hosting has magic quotes enabled.  Now I know
the admin of the shared hosting is not going to turn off magic quotes
because not everyone that uses the services is a diligent programmer.

 

So let us say magic quotes are on and I have a string like so.

 

$str = "You're didn't dood it.";

 

So if that is passed to a different script in, say, a $_POST['str'] variable,
would the string then look like "You\'re didn\'t dood it."?  Now even if
magic quotes are enabled and I use mysql_real_escape_str($_POST['str'])
would the string then look like "You\\\'re didn\\\'t dood it."?  I am just
trying to find a safe practice for every time I have to use a SQL query.

 

Anthony Wlodarski

Senior Technical Recruiter

Shulman Fleming & Partners

646-285-0500 x230

aw at sap8.com 
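
The double-escaping scenario asked about above, as an added example that is not part of the original post. It assumes `addslashes()` as a stand-in both for what magic quotes does to POST data and for the escape call (so it runs on current PHP without a MySQL connection), a hypothetical helper `clean_input()`, and an in-memory SQLite database through PDO:

```php
<?php
// Constructed sample input: the string from the post.
$raw = "You're didn't dood it.";

// magic_quotes_gpc applied addslashes() to GET/POST/COOKIE data, so
// addslashes() stands in for the directive here (it is gone from current PHP).
$posted = addslashes($raw);

// Stand-in for mysql_real_escape_string(): for this string it escapes the
// same two characters (backslash and single quote) and needs no connection.
$doubled = addslashes($posted);

// Hypothetical helper: strip the magic-quotes layer once, at the input boundary.
// On a PHP 5 host $magicQuotesOn would come from get_magic_quotes_gpc().
function clean_input(string $value, bool $magicQuotesOn): string
{
    return $magicQuotesOn ? stripslashes($value) : $value;
}

$clean = clean_input($posted, true);

// Assumption: in-memory SQLite through PDO, so the script runs without a server.
// A bound parameter is sent as data and needs no manual escaping at all.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (body TEXT)');
$db->prepare('INSERT INTO notes (body) VALUES (?)')->execute([$clean]);
$stored = $db->query('SELECT body FROM notes')->fetchColumn();

// Show the singly escaped, doubly escaped and stored forms side by side.
printf("posted : %s\ndoubled: %s\nstored : %s\n", $posted, $doubled, $stored);
var_dump($stored === $raw);
```

Escaping the already-slashed value would store literal backslashes in the row; stripping the magic-quotes layer first and binding the value keeps the stored text identical to what was typed.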
