Code: Select all
<?php
echo get_magic_quotes_gpc(); // 1
echo $_POST['lastname']; // O\'reilly
echo addslashes($_POST['lastname']); // O\\\'reilly
if (!get_magic_quotes_gpc()) {
$lastname = addslashes($_POST['lastname']);
} else {
$lastname = $_POST['lastname'];
}
echo $lastname; // O\'reilly
$sql = "INSERT INTO lastnames (lastname) VALUES ('$lastname')";
?>is there any reason to turn them off given this is a temporary submission page... kind of a one-time-use only? The only reason I ask, is laziness. All the code is written already.
Subquestion:
after running php.net's code above, I'll then check out the table using the terminal, and the slashes are not visible. Is that normal? I would just assume that if magic_quotes_gpc are on, the slashes would also be visible when looking at the table through the command line.
thanks for the advice and suggestions in advance. hope everyone is doing well.