Magic quotes and data integrity 1
Posted: Fri Nov 01, 2002 7:25 am
When I submit a text field from a form using POST, I (the client) might fill the field with data like:
Code:
123<'k"isis123&q>
Note that there is one single quote char and one double quote char.
When this var is made available to the receiving PHP script, it has been addslashed, see magic-quotes-gpc.
I use MySQL and PHP.
Let's say I want to perform a data insertion:
Code:
mysql_query("insert into table1 set Var1='{$_POST['Fieldname1']}', Var2='{$_POST['Fieldname2']}'");
Would this query do a fully valid, non-corrupted and database-hacker-secure data insertion if I use data like the string at the top of this post?
MySQL receives the data '123<''k\"isis123&q>'. Will the \" be interpreted correctly, that is, that the backslash is removed in the database data?
I could test this on my computer and learn by myself, but I am far from the machine right now, and I believe it might be good for all of us newbies to read the answers to this post.
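Added example, not part of the original post: a small PHP model of how MySQL in its default SQL mode decodes a single-quoted string literal, run on the post's sample string escaped once, not at all, and twice. `read_mysql_literal()` is a hypothetical helper written for this illustration, `addslashes()` stands in for magic_quotes_gpc (which applied the same escaping), and the `Var2='x'` tail is constructed.

```php
<?php
// Added example, not code from the post. Models how MySQL in its default
// SQL mode (NO_BACKSLASH_ESCAPES off) decodes a single-quoted string literal.
// read_mysql_literal() is a hypothetical helper; sample values are constructed.

// $sql starts just after the literal's opening quote.
// Returns [decoded value, text left over after the closing quote].
function read_mysql_literal(string $sql): array {
    $special = ['0' => "\0", 'b' => "\x08", 'n' => "\n", 'r' => "\r", 't' => "\t", 'Z' => "\x1a"];
    $value = '';
    $n = strlen($sql);
    for ($i = 0; $i < $n; $i++) {
        $c = $sql[$i];
        if ($c === '\\' && $i + 1 < $n) {
            $e = $sql[++$i];
            if ($e === '%' || $e === '_') {
                $value .= '\\' . $e;              // \% and \_ keep the backslash
            } else {
                $value .= $special[$e] ?? $e;     // \" -> ", \' -> ', \\ -> \
            }
        } elseif ($c === "'") {
            if ($i + 1 < $n && $sql[$i + 1] === "'") {
                $value .= "'";                    // '' inside a literal is one quote
                $i++;
            } else {
                return [$value, substr($sql, $i + 1)];   // closing quote reached
            }
        } else {
            $value .= $c;
        }
    }
    throw new RuntimeException('unterminated string literal');
}

$typed    = "123<'k\"isis123&q>";   // what the client typed into the field
$received = addslashes($typed);     // what $_POST held with magic_quotes_gpc on

// 1. Escaped once: the server consumes the backslashes and stores the typed text.
[$stored, $rest] = read_mysql_literal($received . "', Var2='x'");
var_dump($stored === $typed);

// 2. Not escaped (magic quotes off): the literal ends at the typed single
//    quote and the rest of the field is left over to be parsed as SQL.
[$stored, $rest] = read_mysql_literal($typed . "', Var2='x'");
var_dump($stored, $rest);

// 3. Escaped twice (magic quotes on plus addslashes()): backslashes get stored.
[$stored, $rest] = read_mysql_literal(addslashes($received) . "'");
var_dump($stored === $received);
```

Prepared statements with bound parameters (mysqli or PDO) send the value separately from the SQL text, so the outcome no longer depends on whether the input was escaped exactly once.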