[nycphp-talk] un-escape db content using php or ADOdb functions
Eugenio Tacchini
eugenio.tacchini at gmail.com
Wed May 2 11:29:16 EDT 2012
Hi,
I've read your interesting article:
http://www.nyphp.org/phundamentals/5_Storing-Data-Submitted-Form-Displaying-Database
I have a couple of questions about the function fix_magic_quotes:
1) Why do you disable magic_quotes_gpc and magic_quotes_sybase via
ini_set? Fixing the content escaped by magic quotes should be enough
in my opinion, am I wrong?
2) As far as I know, stripslashes is affected by magic_quotes_sybase,
s if magic_quotes_sybase is on, both addslashes and stripslashes work
in a sybase-style way. For this reason I don't think you need to use
str_replace.
And finally a more general question: are you aware of any method for
un-escaping content based on db-specific escape function? I mean
something kuje stripslashes but specific so: the counterpart of
addslashes is stripslashes, is there any counterpart for
mysql_escape_string or for the adodb function qstr or the PDO quote
function?
I know that, in an ideal world, we don't need them but if an
application has been build using a "escape everything" approach and
you need to work with that, you need to unescape content when you
don't use it in a query and stripslashes doesn't work if you switch
from addslashes to something like adodb->qstr.
Thanks in advance.
Cheers,
------------------
Eugenio Tacchini
dadabik.org DaDaBIK database front-end
More information about the talk
mailing list