stripslashes() with address book

Lic. Martin Marques martin at bugs.unl.edu.ar
Tue Jan 3 15:50:24 CET 2006


On Tue, 3 Jan 2006, Thomas -Balu- Walter wrote:

> On Fri, Dec 30, 2005 at 08:16:40PM -0700, Justin Frydman wrote:
>> Hi all,
>>
>> I noticed that if I add a name such as O'Toole in the address book it will
>> display as O\'Toole. Not sure if this is specific to my php config or not,
>> or it simply needs stripslashes() function applied before outputting.
>
> For what it's worth - I am using the following snippet I found once on
> the PHP website in all my projects in a global include that is loaded
> before every other action...
>
> // strip magic quotes from Superglobals...
> if ((bool) get_magic_quotes_GPC()) { // by "php Pest"
[snip]
> magic_quotes is one of the most evil things in PHP - it should've been
> dumped in Version 4, but ...

This is plain stupid. The problem could be in the DB insertion, as you
have to escape the '. But in a select that backslash shouldn't be there:

prueba=> INSERT INTO pruebita VALUES (default,'O\'Toole');
INSERT 2193750 1
prueba=> SELECT * FROM pruebita;
  id |  texto
----+---------
   1 | O'Toole
(1 fila)

So my question is, why would you want to strip the slashes that shouldn't
be there? Maybe there is some kind of double escape going on, so the ' are
escaped first and with the second escape, the \ are escaped.

prueba=> INSERT INTO pruebita VALUES (default,'O\\\'Toole');
INSERT 2193751 1
prueba=> SELECT * FROM pruebita;
  id |  texto
----+----------
   1 | O'Toole
   2 | O\'Toole
(2 filas)

There you can see the difference. ;-)

--
  11:40:01 up 50 min,  2 users,  load average: 0.06, 0.09, 0.08
---------------------------------------------------------
Lic. Martín Marqués         |   SELECT 'mmarques' || 
Centro de Telemática        |       '@' || 'unl.edu.ar';
Universidad Nacional        |   DBA, Programador,
     del Litoral             |   Administrador
---------------------------------------------------------
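
The double escape described in the message above, as an added example that is not part of the original post: a Python simulation (the thread's own code is PHP) in which `addslashes` imitates the PHP function of that name and `stored_value` is a simplified, hypothetical decoder for backslash-escaped string literals like those in the psql session.

```python
# Added example: simulates the escaping layers discussed in the thread.

def addslashes(s):
    # Imitates PHP addslashes() / magic_quotes_gpc for ', " and \ (NUL omitted).
    return "".join("\\" + ch if ch in "'\"\\" else ch for ch in s)


def stored_value(literal_body):
    # Simplified decoder (assumption) for the body of a backslash-escaped
    # string literal, as in the psql session: a backslash makes the next
    # character literal, and a bare ' would end the literal early.
    out, i = [], 0
    while i < len(literal_body):
        ch = literal_body[i]
        if ch == "\\" and i + 1 < len(literal_body):
            out.append(literal_body[i + 1])
            i += 2
            continue
        if ch == "'":
            raise ValueError("unescaped quote ends the literal early")
        out.append(ch)
        i += 1
    return "".join(out)


def roundtrip(name, layers):
    # Escape `layers` times (e.g. magic quotes, then the application), then store.
    for _ in range(layers):
        name = addslashes(name)
    return stored_value(name)


def find_double_escaped(rows):
    # Rows that still contain \' or \" after storage were escaped once too often.
    return [r for r in rows if "\\'" in r or '\\"' in r]


if __name__ == "__main__":
    name = "O'Toole"  # constructed sample input
    for layers in (1, 2):
        print(layers, "layer(s):", roundtrip(name, layers))
    try:
        roundtrip(name, 0)
    except ValueError as exc:
        print("0 layers:", exc)
    print("to clean up:", find_double_escaped([roundtrip(name, n) for n in (1, 2)]))
```

With bound query parameters the value never passes through a string literal, so no escaping layer is needed and none can be applied twice.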

