Training, Open Source computer languages
PerlPHPPythonMySQLApache / TomcatTclRubyJavaC and C++LinuxCSS 
Search for:
Home Accessibility Courses Diary The Mouth Forum Resources Site Map About Us Contact
 
20.9.2014 - We have just updated our course layouts and descriptions and added our 2015 schedule.

addslashes() & stripslashes() question

Posted by Chris_Isaac (Chris Isaac), 15 March 2006
Hi

I used the addslashes function on some data coming in off a web page, but when I came to do the reverse I had to use Stripslashes(stripslashes(data)) to remove all the '\'.

Is this normal to have to double up on the stripslashes function?

Posted by admin (Graham Ellis), 16 March 2006
Hi, Chris .... sorry it's taken a while - I've been fighting a denial of service attack against our servers ....

If your server has a default configuration, with magic quotes ON then you don't need to add slashes at all as you put the data through to the database, and it will come off clean without the need to stripslashes at all.   In this configuartion, if you want to use the data that the user has entered for something OTHER THAN putting into the database, you'll need to stripslash it.

If magic quotes are OFF then you need to addlslashes to all user inputs before you put them up to the database. Failure to do so would leave you open to an injection attack.


Posted by Chris_Isaac (Chris Isaac), 17 March 2006
Thanks Graham, Magic quotes was on problem cured!



This page is a thread posted to the opentalk forum at www.opentalk.org.uk and archived here for reference. To jump to the archive index please follow this link.

You can Add a comment or ranking to this page

© WELL HOUSE CONSULTANTS LTD., 2014: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • FAX: 01144 1225 899360 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho