
Thread: problems with addslashes and stripslashes desperately confusing

  1. #1
    Join Date
    Mar 2011
    Posts
    43

    problems with addslashes and stripslashes desperately confusing

    I'm running this script on my testing server on my local machine. From what I can tell, magic quotes is not turned on (the code below is used to check).

    Code:
    if(get_magic_quotes_gpc())
    	echo "Magic quotes are enabled";
    else
    	echo "Magic quotes are disabled";
    Anyways, I use addslashes to escape apostrophes and slashes before inserting them into a MySQL database. However, when I try to unescape them using stripslashes, it doesn't seem to be having an effect.

    The following is a snippet of code that acts on a MySQL query result. I'm attempting to stripslashes but it's not working. When this query string is passed back to JavaScript via Ajax, some things are still escaped when I output the JSON string to an alert box. For example, I call addslashes before inserting 1/2 into the database; when I retrieve it through Ajax via this script and use stripslashes, in an alert box it is still appearing as "1\/2".

    Code:
    	if ( $returnVar->select == "yes" ) {
    		$arr = NULL;
    
    		if ($result)
    			$num_results = mysqli_num_rows($result);
    		else
    			$num_results = 0;
    
    		for ($i = 0; $i < $num_results; $i++) {
    			$row = mysqli_fetch_assoc($result);
    			foreach ( $row as $current ) {
    				$current = stripslashes($current);
    			}
    			$arr[$i] = $row;
    		} 
    		$returnVar->items = $num_results;
    		
    
    	}
    
    $z = rawurlencode(json_encode($returnVar));
    echo $z;
    I then retrieve $z using an AJAX call.

    Also, the string " Honey Nut O's Cereal " is successfully inserted into the database after calling addslashes on it. When it's retrieved via the above snippet and output to a table cell in HTML using JS, it appears the slash is gone. It also appears gone if I call an alert box on the AJAX response string (but the slash is still present in "1\/2", which I cannot figure out). But when I then take the value from the table cell (by using innerHTML) and try to insert it back into the database, after calling addslashes it goes from having 0 slashes to 2 slashes!! wtf pls help cannot figure this out.

  2. #2
    Join Date
    Oct 2010
    Location
    Ohio
    Posts
    233
    You should use mysql_real_escape_string instead of add/strip-slashes. As to your problem, I have no idea why it wouldn't be working as expected.
    ~Ryan
    www.rdennispallas.com <-- Personal Site, changing regularly cuz its ugly.

  3. #3
    Join Date
    Jan 2005
    Location
    Alicante (Spain)
    Posts
    7,739
    You should be using a database-specific function like mysqli_real_escape_string(), not addslashes. Also, if you end up with 1\/2 after using stripslashes, that means you started with 1\\/2, i.e. 2 backslashes.

  4. #4
    Join Date
    Mar 2011
    Posts
    43
    Looking at how I put in stripslashes, is there something wrong with it to make stripslashes not work? Is that the correct way to iterate through an array and add stripslashes?

    BTW, I now use mysql_real_escape_string.

  5. #5
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,178
    There should not be any need to do a stripslashes() of the data retrieved from the database. If any unwanted "\" characters are in your data, then it's because of "double escaping" for some reason, most commonly because magic_quotes_gpc is in effect, and then applying mysql_real_escape_string() such that the magic quotes slashes are themselves escaped, but it could be because your code is actually escaping the data twice. If done correctly (negating the effect of magic_quotes_gpc if in effect and then applying the correct SQL escaping mechanism only once), there should be no escape characters getting stored in the actual database field -- the escaping is only used by the SQL query string parser, much like using escaped quotes in a PHP echo statement: you don't actually output the back-slashes.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us
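
The three behaviours this thread keeps running into, as an added example that is not from any of the posters: the `foreach` copy semantics in the first post's loop, the slash escaping done by `json_encode()` (a point the replies do not cover), and the layering effect of escaping twice. The `$row` array is a constructed stand-in for a `mysqli_fetch_assoc()` result, so the script runs without a database.

```php
<?php
// Constructed sample row standing in for one mysqli_fetch_assoc() result.
// It simulates data that was escaped twice on insert, so a literal
// backslash ended up stored in the name column.
$row = ['name' => "Honey Nut O\\'s Cereal", 'qty' => '1/2'];

// 1. The loop from the first post: $current is a copy of each element,
//    so assigning to it never changes the array being iterated.
$byValue = $row;
foreach ($byValue as $current) {
    $current = stripslashes($current);
}
var_dump($byValue === $row);

// 2. Two forms that do modify the row: iterate by reference, or map.
$byRef = $row;
foreach ($byRef as &$current) {
    $current = stripslashes($current);
}
unset($current); // drop the dangling reference left by the loop
$mapped = array_map('stripslashes', $row);
var_dump($byRef === $mapped, $mapped['name']);

// 3. json_encode() escapes "/" as "\/" by default. That backslash is
//    JSON syntax, not data: it disappears once the text is parsed, and
//    JSON_UNESCAPED_SLASHES stops it being emitted at all.
$json = json_encode($mapped);
echo $json, "\n";
var_dump(json_decode($json, true)['qty']);
echo json_encode($mapped, JSON_UNESCAPED_SLASHES), "\n";

// 4. Double escaping: each addslashes() pass adds a layer, and one
//    stripslashes() call removes only one layer.
$once  = addslashes("Honey Nut O's Cereal");
$twice = addslashes($once);
echo $once, "\n", $twice, "\n", stripslashes($twice), "\n";
```

An alert box that shows the raw response text displays the JSON escaping from step 3; parsing the response first (for example with `JSON.parse`) gives the plain value.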
