Home Accessibility Courses Twitter The Mouth Facebook Resources Site Map About Us Contact
 
For 2021 - online Python 3 training - see ((here)).

Our plans were to retire in summer 2020 and see the world, but Coronavirus has lead us into a lot of lockdown programming in Python 3 and PHP 7.
We can now offer tailored online training - small groups, real tutors - works really well for groups of 4 to 14 delegates. Anywhere in the world; course language English.

Please ask about private 'maintenance' training for Python 2, Tcl, Perl, PHP, Lua, etc.
PHP Magic Quotes

Do you want to read a string from a form and save it into a database? "Easy" you might say ... and indeed it is ... but if you just take the exact characters that were entered into the form and embed them in your SQL, you're laying yourself open to an injection attack. That's where a user enters a string that includes quotes, which are used as delimiters by SQL commands.

Early / more advanced / sophisticated users of PHP know of this risk and use the addslashes function before they place user inputs into SQL strings. But with huge growing popularity and use by beginners and more casual programmers, there was too much risk of PHP getting itself a bad name for insecure systems. So "Magic Quotes" were introduced. With Magic Quotes, the input arrays $_GET, $_POST, $_COOKIE and $_REQUEST are all encoded with extra \ characters in front of any user entered quote character ...thus making the input directly and safely transferreable into an SQL table - but at the expense of it appearing on the screen if the programmer prints it back out. See the example picture provided ....

For the sake of compatibility with existing code (and to appease the people who were quite happy to carefully add slashes all around), Magic Quotes were added to the list of configurable options in PHP and to this day it's probably one of the first things that I look at when I'm using a new host. Personally, I don't care which way it is set but I regret the incompatibility it can cause as an application is moved between servers.

Want to make your application portable? You can - since you can check the setting of the magic_quotes_gpc variable from your script, and if it is set, use stripslashes to regularise your input. We've a demo showing how you can do this on a single input field ** Link ** and there's a further discussion and more examples at the PHP manual site ** Link **



(written 2005-08-22, updated 2008-05-17)

 
Associated topics are indexed as below, or enter http://melksh.am/nnnn for individual articles
H107 - String Handling in PHP
  [31] Here documents - (2004-08-28)
  [54] PHP and natural sorting - (2004-09-19)
  [337] the array returned by preg_match_all - (2005-06-06)
  [463] Splitting the difference - (2005-10-13)
  [493] Running a Perl script within a PHP page - (2005-11-12)
  [558] Converting between acres and hectares - (2006-01-08)
  [560] The fencepost problem - (2006-01-10)
  [574] PHP - dividing a string up into pieces - (2006-01-23)
  [589] Robust PHP user inputs - (2006-02-03)
  [608] Don't expose your regular expressions - (2006-02-15)
  [642] How similar are two words - (2006-03-11)
  [716] Evaluating arithmetic expressions in configuration files - (2006-05-10)
  [728] Looking ahead and behind in a Regular Expression - (2006-05-22)
  [1008] Date conversion - PHP - (2006-12-26)
  [1058] PHP Regular expression to extrtact link and text - (2007-01-31)
  [1195] Regular Express Primer - (2007-05-20)
  [1336] Ignore case in Regular Expression - (2007-09-08)
  [1372] A taster PHP expression ... - (2007-09-30)
  [1533] Short and sweet and sticky - PHP form input - (2008-02-06)
  [1603] Do not SHOUT and do not whisper - (2008-04-06)
  [1613] Regular expression for 6 digits OR 25 digits - (2008-04-16)
  [1799] Regular Expressions in PHP - (2008-09-16)
  [2046] Finding variations on a surname - (2009-02-17)
  [2165] Making Regular Expressions easy to read and maintain - (2009-05-10)
  [2238] Handling nasty characters - Perl, PHP, Python, Tcl, Lua - (2009-06-14)
  [2629] Curly braces within double quoted strings in PHP - (2010-02-09)
  [3020] Handling (expanding) tabs in PHP - (2010-10-29)
  [3424] Divide 10000 by 17. Do you get 588.235294117647, 588.24 or 588? - Ruby and PHP - (2011-09-08)
  [3515] PHP - moving from ereg to preg for regular expressions - (2011-11-11)
  [3516] Regular Expression modifiers in PHP - summary table - (2011-11-12)
  [3534] Learning to program in PHP - Regular Expression and Associative Array examples - (2011-12-01)
  [3788] Getting more than a yes / no answer from a regular expression pattern match - (2012-06-30)
  [3789] More than just matching with a regular expression in PHP - (2012-06-30)
  [3790] Solution looking for a problem? Lookahead and Lookbehind - (2012-06-30)
  [4071] Setting up strings in PHP - (2013-04-27)
  [4072] Splitting the difference with PHP - (2013-04-27)


Back to
Don't repeat code - use loops or functions
Previous and next
or
Horse's mouth home
Forward to
A Victorian Lady
Some other Articles
Robust checking of data entered by users
Caching an XML feed
How not to run a forum
A Victorian Lady
PHP Magic Quotes
Don't repeat code - use loops or functions
Towards Tebay
Most popular courses
Difference between import and from in Python
Telephone Preference Service - we're registered
4759 posts, page by page
Link to page ... 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96 at 50 posts per page


This is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis. Every attempt was made to provide current information at the time the page was written, but things do move forward in our business - new software releases, price changes, new techniques. Please check back via our main site for current courses, prices, versions, etc - any mention of a price in "The Horse's Mouth" cannot be taken as an offer to supply at that price.

Link to Ezine home page (for reading).
Link to Blogging home page (to add comments).

You can Add a comment or ranking to this page

© WELL HOUSE CONSULTANTS LTD., 2021: 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho

PAGE: http://www.wellho.net/mouth/422_PHP- ... uotes.html • PAGE BUILT: Sun Oct 11 16:07:41 2020 • BUILD SYSTEM: JelliaJamb