I've seen dozens of PHP snippets that go like this:
function DB_Quote($string)
{
    if (get_magic_quotes_gpc() == true)
    {
        $string = stripslashes($string);
    }
    return mysql_real_escape_string($string);
}
What happens if I call DB_Quote("the (\) character is cool");? (Thanks jspcal!)
Aren't we supposed to strip slas...
Hi
I have a problem regarding the search in MySQL.
Below is my query.
SELECT * FROM table WHERE name LIKE "%admin\'s%";
When I execute this query it returns zero data.
Actually, I have "admin\'s" stored in the DB. This "\" is to prevent SQL injection. I have used mysql_real_escape_string to prevent the SQL injection.
but wh...
When I write
input data: hel'l"lo
print_r($_POST) displays hel\'\"lo
and when I use
if(get_magic_quotes_gpc()){
mysql_real_escape_string($_POST);
it displays
hel\\\'\\\"lo
Now my question is:
"Is it necessary to use mysql_real_escape_string? Because I think PHP automatically adds slashes in POST variables?"
...
I've been doing some reading on securing PHP applications, and it seems to me that mysqli_real_escape_string is the correct function to use when inserting data into MySQL tables because addslashes can cause some weird things to happen for a smart attacker. Right?
However, there is one thing that is confusing me. I seem to remember being...
I'm having an issue with inserting JSON into a database. My intention is to take the variables, json_encode them, remove slashes (from magic_quotes), and then addslashes back in to escape the quotes in {"key":"value"}.
Unfortunately, strip_slashes on the encoded string isn't doing anything, and outputs this
{"content":"<p>This string ha...
HTML form code:
<td width="75">
<input name="txtQty[]" type="text" id="txtQty[]" size="5"
value="<?php echo $ct_qty; ?>" class="box" onKeyUp="checkNumber(this);">
When I submit the form, I call the following script:
if (!get_magic_quotes_gpc()) {
if (isset($_POST)) {
foreach ($_POST as $key => $value) {
$_POST[$key] = trim(add...