short term... magic_quotes_gpc = on [solved]
Posted: Wed Feb 08, 2006 1:09 pm
here's the dilemma. After reading everything out there on why magic_quotes_gpc is best turned off and manually adding the slashes yourself, I still have a general question. Let's say I have an entirely separate database, with only a few pages of php taking people's data and inserting it into a MySQL table. These pages are only going to be live to the public for 12 months or so, and once the data is extracted down the road, the table + database will most likely be deleted. So using php.net's code :
is there any reason to turn them off given this is a temporary submission page... kind of a one-time-use only? The only reason I ask, is laziness. All the code is written already.
Subquestion:
after running php.net's code above, I'll then check out the table using the terminal, and the slashes are not visible. Is that normal? I would just assume that if magic_quotes_gpc are on, the slashes would also be visible when looking at the table through the command line.
thanks for the advice and suggestions in advance. hope everyone is doing well.
Code: Select all
<?php
echo get_magic_quotes_gpc(); // 1
echo $_POST['lastname']; // O\'reilly
echo addslashes($_POST['lastname']); // O\\\'reilly
if (!get_magic_quotes_gpc()) {
$lastname = addslashes($_POST['lastname']);
} else {
$lastname = $_POST['lastname'];
}
echo $lastname; // O\'reilly
$sql = "INSERT INTO lastnames (lastname) VALUES ('$lastname')";
?>is there any reason to turn them off given this is a temporary submission page... kind of a one-time-use only? The only reason I ask, is laziness. All the code is written already.
Subquestion:
after running php.net's code above, I'll then check out the table using the terminal, and the slashes are not visible. Is that normal? I would just assume that if magic_quotes_gpc are on, the slashes would also be visible when looking at the table through the command line.
thanks for the advice and suggestions in advance. hope everyone is doing well.