[web] Strange single quote issue (Textbox, PHP, MySQL)
Author
Hi
I'm kinda new to PHP and MySQL and so I decided to write a webpage with a textbox where I can type in my SQL statements and perform them via a submit button. Just to speed things up.
When I type an SQL statement where I need to use single quotes to indicate a string I get different results on different machines. On my local machine the quotes stay the same, but on the online server the quotes get translated to a \'.
I can work around this, but I would just like to know where the difference comes in.
Local Machine:
Windows XP SP2
PHP ver 5
MySQL ver 5
IIS
Online Server:
Linux 2.6.17.11-grsechg
PHP ver 4.4.1
MySQL ver 4.1.21-standard
Apache ver 1.3.34 (Unix)
The only thing I can think of is that magic quotes is enabled on the online server.
You can edit php.ini and set it to Off. If you do this, you'll need to restart Apache.
You can edit php.ini and set it to Off. If you do this, you'll need to restart Apache.
Yes, the magic quotes are probably on.
* If you are the administrator of that online server, you can edit php.ini. But then your webserver can be vulnerable. You shouldn't allow anyone to manipulate with MySQL database on your own server.
* If it is some sort of webhosting, mostly you don't have a possibility to modify php.ini. Then you can use PHP function stripslashes(input string).
* If you are the administrator of that online server, you can edit php.ini. But then your webserver can be vulnerable. You shouldn't allow anyone to manipulate with MySQL database on your own server.
* If it is some sort of webhosting, mostly you don't have a possibility to modify php.ini. Then you can use PHP function stripslashes(input string).
You can also disable them by putting "php_value magic_quotes_gpc 0" in an .htaccess file.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement