[nycphp-talk] Saving data from forms
Daniel Convissor
danielc at analysisandsolutions.com
Fri Feb 8 12:47:20 EST 2008
Hi Anthony:

On Thu, Feb 07, 2008 at 07:33:37PM -0500, Anthony Wlodarski wrote:
>
> Input from form -> check for magic quotes (if not then add quotes) -> md5
> value -> save to database.
>
> Now what happens if you change the logic to:
> Input from form -> md5 value -> save to database.
>
> Other individuals I have discussed this with would say that if you are on a
> platform without magic quotes then the md5 values will be different. Is
> this the case?

You will get a different hash, since "That\'s good stuff, man." is
different than "That's good stuff, man."

In your case it doesn't fully matter if it's on or off, ASSUMING that
they will ALWAYS be in that same state. The initial save and the
subsequent verification submissions will both hit the MD5 function with the
same string. But if the company changes servers/versions/settings which
winds up changing this ini setting, you're SCREWED.

PHP comes with this nightmarish feature turned off by default and most
hosts I've seen have it off also. So, if you need to ENSURE portability,
plan your logic accordingly. For example, if MQ is on, put in
stripslashes before making the MD5 hash. Or you could do the database
server's MD5(), since the slashes will be gone by the time it gets there.

--Dan
--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
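
Added example, not part of the original message: a PHP sketch of the stripslashes-before-MD5 approach described above, showing that the hash stays stable when the magic_quotes_gpc setting changes between the initial save and a later verification. The function names normalize_input() and magic_quotes_enabled() are hypothetical, the sample string is the one quoted in the message, and addslashes() is used here only to simulate what a server with magic quotes on would hand the script.

```php
<?php
// Added illustration; function names are hypothetical, not from the thread.

/**
 * Return the form value as the user typed it, regardless of magic_quotes_gpc.
 * $mqOn is passed in explicitly so both server configurations can be simulated.
 */
function normalize_input($raw, $mqOn)
{
    return $mqOn ? stripslashes($raw) : $raw;
}

/** Detect the real setting; get_magic_quotes_gpc() was removed in PHP 8.0. */
function magic_quotes_enabled()
{
    return function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
}

// In a real handler the call would look like this (field name is assumed):
//   $clean = normalize_input($_POST['field'], magic_quotes_enabled());

$typed = "That's good stuff, man.";   // sample input taken from the message

// What the script receives under each setting.
$seenWithMqOn  = addslashes($typed);  // simulated magic quotes: apostrophe escaped
$seenWithMqOff = $typed;              // magic quotes off: value arrives untouched

// Naive flow: hash whatever arrives. The two configurations disagree.
$naiveMatch = md5($seenWithMqOn) === md5($seenWithMqOff);

// Portable flow: strip the slashes first when MQ is on, then hash.
$storedOnOldServer = md5(normalize_input($seenWithMqOn, true));
$checkOnNewServer  = md5(normalize_input($seenWithMqOff, false));
$portableMatch     = $storedOnOldServer === $checkOnNewServer;

echo "naive hashes match:    ", var_export($naiveMatch, true), "\n";
echo "portable hashes match: ", var_export($portableMatch, true), "\n";
```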