Training, Open Source computer languages

Search for:
Print friendly page
Home Accessibility Courses Diary The Mouth Forum Resources Site Map About Us Contact
PHP Magic Quotes

Do you want to read a string from a form and save it into a database? "Easy" you might say ... and indeed it is ... but if you just take the exact characters that were entered into the form and embed them in your SQL, you're laying yourself open to an injection attack. That's where a user enters a string that includes quotes, which are used as delimiters by SQL commands.

Early / more advanced / sophisticated users of PHP know of this risk and use the addslashes function before they place user inputs into SQL strings. But with huge growing popularity and use by beginners and more casual programmers, there was too much risk of PHP getting itself a bad name for insecure systems. So "Magic Quotes" were introduced. With Magic Quotes, the input arrays $_GET, $_POST, $_COOKIE and $_REQUEST are all encoded with extra \ characters in front of any user entered quote character ...thus making the input directly and safely transferreable into an SQL table - but at the expense of it appearing on the screen if the programmer prints it back out. See the example picture provided ....

For the sake of compatibility with existing code (and to appease the people who were quite happy to carefully add slashes all around), Magic Quotes were added to the list of configurable options in PHP and to this day it's probably one of the first things that I look at when I'm using a new host. Personally, I don't care which way it is set but I regret the incompatibility it can cause as an application is moved between servers.

Want to make your application portable? You can - since you can check the setting of the magic_quotes_gpc variable from your script, and if it is set, use stripslashes to regularise your input. We've a demo showing how you can do this on a single input field ** Link ** and there's a further discussion and more examples at the PHP manual site ** Link **



(written 2005-08-22 19:57:29)

 
Associated topics are indexed under
H107 - String Handling in PHP

Back to
Don't repeat code - use loops or functions
 Previous and next
or
Horse's mouth home		 Forward to
A Victorian Lady
Some other Articles
Robust checking of data entered by users
Caching an XML feed
How not to run a forum
A Victorian Lady
PHP Magic Quotes
Don't repeat code - use loops or functions
Towards Tebay
Most popular courses
Difference between import and from in Python
Telephone Preference Service - we're registered
2259 posts, page by page
Link to page ... 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46 at 50 posts per page


This is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis. Every attempt was made to provide current information at the time the page was written, but things do move forward in our business - new software releases, price changes, new techniques. Please check back via our main site for current courses, prices, versions, etc - any mention of a price in "The Horse's Mouth" cannot be taken as an offer to supply at that price.

Link to Ezine home page (for reading).
Link to Blogging home page (to add comments).
Public Training Courses
Running regularly at our UK training Centre.
[Schedule] - [About] - [Book]
Related short articles
Grouping rows for a summary report - MySQL and PHP
Past PHP delegates / others - coding help needed for next 3 months
Handling nasty characters - Perl, PHP, Python, Tcl, Lua
Learning PHP, Ruby, Lua and Python - upcoming courses
A (biased?) comparison of PHP courses in the UK
Adding a newsfeed for your users to a multipage PHP application
Improving the structure of your early PHP programs
New Example - cacheing results in PHP for faster loading
Matching disparate referencing systems (MediaWiki, PHP, also Tcl)
Application design in PHP - multiple step processes
PHP4 v PHP5 - Object Model Difference
Crossrefering documents with uniqueness and inconsistency issues - PHP proof of concept demo
PHP - getclass v instanceof
Using the internet to remotely check for power failure at home (PHP)
What features does this visitors browser support? (PHP)
Choosing a railway station fairly in PHP
PHP Course - for hobby / club / charity users.
Weekday or Weekend PHP, Python and Perl classes?
Extra PHP Examples
Setting up a MySQL database from PHP
A Presentation about our company - web and PHP
Learning to program in PHP, Python, Java or Lua ...
httpd, Tomcat and PHP course enhancements
Injection Attack if register_globals in on - PHP
Discount Training Courses - PHP, Perl, Python
Keeping PHP code in database and running it
Best source to learn Java (or Perl or PHP or Python)
Index Card System for Game Characters in PHP
PHP - Parse error: syntax error, unexpected $end ...
Predictive Load Balancing - PHP and / or Java
Quick Summary - PHP installation
Flash (client) to PHP (server) - example
Flurinci knows Raby Lae PHP and Jeve
Remember Me - PHP
Text formating for HTML, with PHP
Question Mark - Colon operator (Perl and PHP)
Sorting objects in PHP
Regular Expressions in PHP
Refactoring - a PHP demo becomes a production page
Global - Tcl, PHP, Python
Server overloading - turns out to be feof in PHP
Injection Attacks - avoiding them in your PHP
What is built in to this httpd and PHP?
Diagrams to show you how - Tomcat, Java, PHP
Upgrade from PHP 4 to PHP 5 - the TRY issue
Perl v PHP, choosing the right language
Dynamic maps / geographics in PHP
Current visitors from around the world - PHP
Finding words and work boundaries (MySQL, Perl, PHP)
memcached - overview, installation, example of use in PHP
Apache httpd, MySQL, PHP - installation procedure
addslashes v mysql_real_escape_string in PHP
PHP examples - source code and try it out too
Larger applications in PHP
Saying NOT in Perl, PHP, Python, Lua ...
Defensive coding techniques in PHP?
cannot restore segment prot after reloc message - PHP / httpd
Two PHP include files to make easy web site indexing and navigation
Accounts in PHP - an OO demo
PHP - Sanitised application principles for security and useability
Checking server performance for PHP generated pages
Exchange Rates - PHP with your prices in your users currency
Using cookies and sessions to connect different URLs - PHP
Seeing how others do it - PHP training
Changing a screen saver from a web page (PHP, Perl, OSX)
Gant charts - drawing them with a PHP script
PHP Techniques - a workshop
PHP training courses every month
PHP course dot co, dot uk
Making PHP and MySQL training relevant to the course delegates
Uploading to a MySQL database through PHP - examples and common questions
Advanced Python, Perl, PHP and Tcl training courses / classes
OO PHP demonstration - comparing objects and more
Short and sweet and sticky - PHP form input
Downloading data for use in Excel (from PHP / MySQL)
Autovivification - the magic appearance of variables in Perl
Perl, PHP or Python? No - Perl AND PHP AND Python!
Ongoing Image Copyright Issues, PHP and MySQL solutions
Script to present commonly used images - PHP
PHP / Web 2 logging
Single login and single threaded models - Java and PHP
Efficient PHP applications - framework and example
A story about benchmarking PHP
Curley brackets v double quotes - Tcl, Tk, Expect
Perl, PHP, Python, Tcl, Linux, MySQL, Ruby courses ...
Connecting to MySQL 5 from PHP on Mac OSX Leopard
More PHP sample and demonstration programs
Easy selection of multiple SQL conditions from PHP
Question on division (Java) - Also Perl, PHP, Python ...
Linux, PHP, Tcl, Ruby, C, C++ - last minute training course availability
Using PHP to upload images / Store on MySQL database - security questions
Controlling and labelling Google maps via PHP
Error logging to file not browser in PHP
Using a MySQL database to control mod_rewrite via PHP
Static variables in PHP
Simple page password protection - PHP
A taster PHP expression ...
Clean my plate, but keep my wine bottle. (PHP; Static)
.php or .html extension? Morally Static Pages
Easy handling of errors in PHP
Resetting session based tests in PHP
2008 course schedule - Perl, Python, PHP, Linux, Java Deployment, Ruby and more
PHP Standalone - keyboard to screen
is there a lookup function in php?
Keep in touch with PHP, Perl, Python and old friends too
Outputting numbers as words - MySQL with Perl or PHP
for loop - how it works (Perl, PHP, Java, C, etc)
PHP header() function - uses and new restrictions
Returning multiple values from a function (Perl, PHP, Python)
Drawing hands on a clock face - PHP
Smart English Output - via PHP and Perl ? : operator
Updating a page strictly every minute (PHP, Perl)
Painting a masterpiece in PHP
Emailing as HTML (Web Page) - PHP example
Back button - ensuring order are not submitted twice (PHP)
Object Oriented Model - a summary of changes from PHP4 to PHP5
Buffering output - why it is done and issues raised in Tcl, Perl, Python and PHP
PHP adding arrays / summing arrays
PHP Image upload script
File and URL reading in PHP
Drawing dynamic graphs in PHP
Sample script - FTP to get a file from within PHP
PHP fread - truncated data
Injection attacks - safeguard your PHP scripts
PHP Regular expression to extrtact link and text
Sorting people by name in PHP
Learning to write secure, maintainable PHP
Tomorrow's keywords - London, Training, Course, PHP, Ruby.
PHP - static declaration
Parallel processing in PHP
Dates, times, clickable diarys in PHP
Date conversion - PHP
.pdf files - upload via PHP, store in MySQL, retrieve
Most recent file in a directory - PHP
Setting your colour theme through PHP
Cardinal numbers and magic numbers
Python and the Magic Roundabout
Sludge off the mountain, and Python and PHP
Display an image from a MySQL database in a web page via PHP
Global, Superglobal, Session variables - scope and persistance in PHP
The LAMP Cookbook - Linux, Apache, MySQL, PHP / Perl
A lion in a cage - PHP
Syntax checking in PHP
PHP - good coding practise and sticky radio buttons
Double and Triple equals operator in PHP
Is Perl being replaced by PHP and Python?
PHP - a team member leaves
Hot answers in PHP
Viewing images held in a MySQL database via PHP
Planning a hotel refurb - an example of a Gant chart in PHP
Handling huge data files in PHP
Testing you Perl / PHP / MySQL / Tcl knowledge
Presentation, Business and Persistence layers in Perl and PHP
Adding PHP tags to an old cgi program
PHP Image viewing application
PHP - London course, Melksham Course, Evening course
It's REALLY easy to add a little PHP
PHP - setting sort order with an associative array
The magic of -textvariable
Robust PHP user inputs
Learning to program in Perl or PHP
PHP - dividing a string up into pieces
Using PHP to output images, XML, Style sheets, etc
Merging pictures using PHP and GD
.css - using PHP to make dynamic style sheets
Running a Perl script within a PHP page
North, Norther and Northest - PHP 5 Objects
Double Dollars in PHP
PHP upgrade - traps to watch
Stand alone PHP programs
Do the work and take the risk - a PHP contract to avoid
Accessing a page via POST from within a PHP script
PHP Magic Quotes
Javascript examples (some PHP and MySQL too)
Reading a news or blog feed (RSS) in your PHP page
Assignment, equality and identity in PHP
A year on - should we offer certified PHP courses
Central London Courses - Perl, PHP, Python, Tcl, MySQL
Time calculation in PHP
Happy Birthday, PHP
Passing information into and out of PHP functions
Elegant languages - Perl, PHP, Python
Crossfertilisation, PHP to Python
There is a function in PHP to do that
FAQ - Perl or PHP
PHP5 lets you say no
Current MySQL and PHP paths and upgrades
MySQL, Java, PHP and Linux - new technical articles
PHP v Java
Short underground journeys and a PHP book
PHP course. Come by train.
mysql_connect or mysql_pconnect in PHP?
Object Oriented Programming in PHP
Evening classes to learn PHP
PHP and natural sorting
PHP - onwards and upwards
© WELL HOUSE CONSULTANTS LTD., 2009: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • FAX: 01144 1225 707126 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho