This is page http://www.wellho.net/mouth/422_PHP- ... uotes.html

Our email: info@wellho.net • Phone: 01144 1225 708225

For 2023 (and 2024 ...) - we are now fully retired from IT training.
We have made many, many friends over 25 years of teaching about Python, Tcl, Perl, PHP, Lua, Java, C and C++ - and MySQL, Linux and Solaris/SunOS too. Our training notes are now very much out of date, but due to upward compatibility most of our examples remain operational and even relevant, and you are welcome to make use of them "as seen" and at your own risk.

Lisa and I (Graham) now live in what was our training centre in Melksham - happy to meet with former delegates here - but do check ahead before coming round. We are far from inactive - rather, enjoying the times that we are retired but still healthy enough in mind and body to be active!

I am also active in many other areas and still look after a lot of web sites - you can find an index here.
PHP Magic Quotes

Do you want to read a string from a form and save it into a database? "Easy" you might say ... and indeed it is ... but if you just take the exact characters that were entered into the form and embed them in your SQL, you're laying yourself open to an injection attack. That's where a user enters a string that includes quotes, which are used as delimiters by SQL commands.

Early / more advanced / sophisticated users of PHP know of this risk and use the addslashes function before they place user inputs into SQL strings. But with huge growing popularity and use by beginners and more casual programmers, there was too much risk of PHP getting itself a bad name for insecure systems. So "Magic Quotes" were introduced. With Magic Quotes, the input arrays $_GET, $_POST, $_COOKIE and $_REQUEST are all encoded with an extra \ character in front of any user-entered quote character, thus making the input directly and safely transferable into an SQL table - but at the expense of those backslashes appearing on the screen if the programmer prints the input straight back out. See the example picture provided ....

For the sake of compatibility with existing code (and to appease the people who were quite happy to carefully add slashes all around), Magic Quotes were added to the list of configurable options in PHP and to this day it's probably one of the first things that I look at when I'm using a new host. Personally, I don't care which way it is set but I regret the incompatibility it can cause as an application is moved between servers.

Want to make your application portable? You can - since you can check the setting of the magic_quotes_gpc variable from your script, and if it is set, use stripslashes to regularise your input. We've a demo showing how you can do this on a single input field, and there's a further discussion and more examples at the PHP manual site.
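The portability check described above, carried through to the database, as an added example that is not from the original article or its demo. It assumes PHP 5.x with the mysqli extension; the table name guestbook and the connection placeholders are hypothetical. get_magic_quotes_gpc() exists up to PHP 7.4 and magic quotes themselves were removed in PHP 5.4, so on a modern interpreter the undo step is simply skipped. The example goes slightly beyond the single-field demo: it normalises the whole input arrays recursively, shows the unsafe string-built SQL beside the addslashes habit the article mentions, and finishes with a prepared statement, where the magic_quotes_gpc setting no longer matters at all.

```php
<?php
// Added example (not the article's own code): make form input portable
// across hosts whatever magic_quotes_gpc is set to, then hand it to the
// database without building SQL out of user-supplied text.
//
// Assumptions: PHP 5.x with mysqli; `guestbook(name, comment)` is a
// hypothetical table; DB_* connection values below are placeholders.

/**
 * Recursively remove the backslashes magic quotes added, so the script sees
 * exactly what the user typed whether or not the host has magic_quotes_gpc on.
 */
function undo_magic_quotes($value)
{
    if (is_array($value)) {
        return array_map('undo_magic_quotes', $value);
    }
    return stripslashes($value);
}

// Only strip when PHP really added the slashes; stripping unconditionally
// would damage input that legitimately contains backslashes.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $_GET     = undo_magic_quotes($_GET);
    $_POST    = undo_magic_quotes($_POST);
    $_COOKIE  = undo_magic_quotes($_COOKIE);
    $_REQUEST = undo_magic_quotes($_REQUEST);
}

// Constructed sample values standing in for a submitted form; note the quotes.
$name    = isset($_POST['name'])    ? $_POST['name']    : "O'Brien";
$comment = isset($_POST['comment']) ? $_POST['comment'] : 'Said "hello" and left';

// 1. The unsafe pattern the article warns about: the user's quote closes the
//    SQL literal early and whatever follows is parsed as SQL.
$unsafe_sql = "INSERT INTO guestbook (name, comment) VALUES ('$name', '$comment')";

// 2. The pre-magic-quotes habit: escape by hand before embedding. This handles
//    the quote characters, but addslashes() knows nothing about the
//    connection's character set, so mysqli_real_escape_string() is the better
//    choice if you must build SQL as a string.
$escaped_sql = "INSERT INTO guestbook (name, comment) VALUES ('"
             . addslashes($name) . "', '" . addslashes($comment) . "')";

// 3. Prepared statement: the data travels separately from the SQL text, so no
//    quoting is needed and the magic_quotes_gpc setting is irrelevant.
function save_comment(mysqli $db, $name, $comment)
{
    $stmt = $db->prepare('INSERT INTO guestbook (name, comment) VALUES (?, ?)');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('ss', $name, $comment);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Echoing the input back to the browser: escape for HTML, not for SQL.
// Without the undo step above, a host with magic quotes on would print O\'Brien.
echo 'Thanks, ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . "\n";

// Uncomment with real connection details (placeholders) to store the row:
// $db = new mysqli('DB_HOST', 'DB_USER', 'DB_PASS', 'DB_NAME');
// save_comment($db, $name, $comment);
```

The undo block runs once at the top of the script, before any code looks at the input arrays, so every later use sees the same bytes on every host. Keeping it conditional on get_magic_quotes_gpc() is the point: calling stripslashes on input that PHP never touched is the mirror-image bug of the one the article describes.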



(written 2005-08-22, updated 2008-05-17)

 
Associated topics are indexed as below, or enter http://melksh.am/nnnn for individual articles
H107 - String Handling in PHP
  [31] Here documents - (2004-08-28)
  [54] PHP and natural sorting - (2004-09-19)
  [337] the array returned by preg_match_all - (2005-06-06)
  [463] Splitting the difference - (2005-10-13)
  [493] Running a Perl script within a PHP page - (2005-11-12)
  [558] Converting between acres and hectares - (2006-01-08)
  [560] The fencepost problem - (2006-01-10)
  [574] PHP - dividing a string up into pieces - (2006-01-23)
  [589] Robust PHP user inputs - (2006-02-03)
  [608] Don't expose your regular expressions - (2006-02-15)
  [642] How similar are two words - (2006-03-11)
  [716] Evaluating arithmetic expressions in configuration files - (2006-05-10)
  [728] Looking ahead and behind in a Regular Expression - (2006-05-22)
  [1008] Date conversion - PHP - (2006-12-26)
  [1058] PHP Regular expression to extract link and text - (2007-01-31)
  [1195] Regular Express Primer - (2007-05-20)
  [1336] Ignore case in Regular Expression - (2007-09-08)
  [1372] A taster PHP expression ... - (2007-09-30)
  [1533] Short and sweet and sticky - PHP form input - (2008-02-06)
  [1603] Do not SHOUT and do not whisper - (2008-04-06)
  [1613] Regular expression for 6 digits OR 25 digits - (2008-04-16)
  [1799] Regular Expressions in PHP - (2008-09-16)
  [2046] Finding variations on a surname - (2009-02-17)
  [2165] Making Regular Expressions easy to read and maintain - (2009-05-10)
  [2238] Handling nasty characters - Perl, PHP, Python, Tcl, Lua - (2009-06-14)
  [2629] Curly braces within double quoted strings in PHP - (2010-02-09)
  [3020] Handling (expanding) tabs in PHP - (2010-10-29)
  [3424] Divide 10000 by 17. Do you get 588.235294117647, 588.24 or 588? - Ruby and PHP - (2011-09-08)
  [3515] PHP - moving from ereg to preg for regular expressions - (2011-11-11)
  [3516] Regular Expression modifiers in PHP - summary table - (2011-11-12)
  [3534] Learning to program in PHP - Regular Expression and Associative Array examples - (2011-12-01)
  [3788] Getting more than a yes / no answer from a regular expression pattern match - (2012-06-30)
  [3789] More than just matching with a regular expression in PHP - (2012-06-30)
  [3790] Solution looking for a problem? Lookahead and Lookbehind - (2012-06-30)
  [4071] Setting up strings in PHP - (2013-04-27)
  [4072] Splitting the difference with PHP - (2013-04-27)




This is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis. Every attempt was made to provide current information at the time the page was written, but things do move forward in our business - new software releases, price changes, new techniques. Please check back via our main site for current courses, prices, versions, etc - any mention of a price in "The Horse's Mouth" cannot be taken as an offer to supply at that price.


© WELL HOUSE CONSULTANTS LTD., 2024: 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho

PAGE: http://www.wellho.net/mouth/422_PHP- ... uotes.html • PAGE BUILT: Sun Oct 11 16:07:41 2020 • BUILD SYSTEM: JelliaJamb