www.webdeveloper.com

Thread: problems with addslashes and stripslashes desperately confusing

  1. #1
    Join Date
    Mar 2011
    Posts
    43

    problems with addslashes and stripslashes desperately confusing

    I'm running this script on my testing server on local machine. From what I can tell, magic quotes is not turned on (code below is used to check)

    Code:
    if(get_magic_quotes_gpc())
    	echo "Magic quotes are enabled";
    else
    	echo "Magic quotes are disabled";
    Anyways I use addslashes to escape apostrophes and slashes before inserting them into a MySQL database. However, when I try to unescape them using stripslashes, it doesn't seem to be having an effect.

    The following is a snippet of code that acts on a MySQL query result. I'm attempting to stripslashes but it's not working. When this query string is passed back to JavaScript via Ajax, some things are still escaped when I output the JSON string to an alert box. For example, I call addslashes before inserting 1/2 into database; when I retrieve it through Ajax via this script and use stripslashes, in an alert box it is still appearing as "1\/2".

    Code:
    	if ( $returnVar->select == "yes" ) {
    		$arr = NULL;
    
    		if ($result)
    			$num_results = mysqli_num_rows($result);
    		else
    			$num_results = 0;
    
    		for ($i = 0; $i < $num_results; $i++) {
    			$row = mysqli_fetch_assoc($result);
    			foreach ( $row as $current ) {
    				$current = stripslashes($current);
    			}
    			$arr[$i] = $row;
    		} 
    		$returnVar->items = $num_results;
    		
    
    	}
    
    $z = rawurlencode(json_encode($returnVar));
    echo $z;
    I then retrieve $z using AJAX call.

    Also, the string " Honey Nut O's Cereal " is successfully inserted into database after calling addslashes on it. When it's retrieved via the above snippet and output to a table cell in HTML using JS, it appears the slash is gone. It also appears gone if I call an alert box on AJAX response string (but slash is still present in "1\/2", which I cannot figure out). But when I then take the value from the table cell (by using innerHTML) and try to insert it back into the database, after calling addslashes it goes from having 0 slashes to 2 slashes!! wtf pls help cannot figure this out.

  2. #2
    Join Date
    Oct 2010
    Location
    Ohio
    Posts
    233
    You should use mysql_real_escape_string instead of add/strip-slashes. As to your problem I have no idea why it wouldn't be working as expected.
    ~Ryan
    www.rdennispallas.com <-- Personal Site, changing regularly cuz its ugly.

  3. #3
    Join Date
    Jan 2005
    Location
    Alicante (Spain)
    Posts
    7,742
    You should be using a database specific function like mysqli_real_escape_string(), not addslashes. Also if you end up with 1\/2 after using stripslashes that means you started with 1\\/2, i.e. 2 backslashes.

  4. #4
    Join Date
    Mar 2011
    Posts
    43
    Looking at how I put in stripslashes, is there something wrong with it to make stripslashes not work? Is that the correct way to iterate through an array and add stripslashes?

    btw I now use mysql_real_escape_string

  5. #5
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    22,335
    There should not be any need to do a stripslashes() of the data retrieved from the database. If any unwanted "\" characters are in your data, then it's because of "double escaping" for some reason, most commonly because magic_quotes_gpc is in effect, and then applying mysql_real_escape_string() such that the magic quotes slashes are themselves escaped, but it could be because your code is actually escaping the data twice. If done correctly (negating the effect of magic_quotes_gpc if in effect and then applying the correct SQL escaping mechanism only once), there should be no escape characters getting stored in the actual database field -- the escaping is only used by the SQL query string parser, much like using escaped quotes in a PHP echo statement: you don't actually output the back-slashes.
    "Well done....Consciousness to sarcasm in five seconds!" ~ Terry Pratchett, Night Watch

    How to Ask Questions the Smart Way (not affiliated with this site, but well worth reading)

    My Blog
    cwrBlog: simple, no-database PHP blogging framework
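
Added example, not part of any post in this thread: a database-free PHP sketch of the three effects discussed above (single versus double escaping, a by-value foreach that leaves the row unchanged, and the "\/" that json_encode() produces). The helpers stored_value() and show() are hypothetical names introduced here, and stored_value() only stands in for the one level of unescaping done by the SQL parser.

```php
<?php
// Added illustration; all values are constructed and no database is used.

// Stand-in (assumption) for the one level of unescaping the SQL parser
// applies to a quoted literal before the value reaches the column.
function stored_value(string $literal): string
{
    return stripslashes($literal);
}

// Print a label and the raw string next to it.
function show(string $label, string $value): void
{
    echo str_pad($label, 32), $value, PHP_EOL;
}

$input = "Honey Nut O's Cereal";

// Escaped once: the backslash lives only in the query text.
show('escaped once, stored:', stored_value(addslashes($input)));

// Escaped twice (magic quotes plus a manual escape, or two manual
// escapes): the parser removes one level and a backslash is stored.
show('escaped twice, stored:', stored_value(addslashes(addslashes($input))));

// foreach iterates over copies, so assigning to $current leaves $row alone.
$row = ['name' => "O\\'s", 'qty' => '1/2'];
foreach ($row as $current) {
    $current = stripslashes($current);
}
show('after by-value foreach:', $row['name']);

// Iterating by reference writes the result back into $row.
foreach ($row as &$current) {
    $current = stripslashes($current);
}
unset($current); // drop the dangling reference
show('after by-reference foreach:', $row['name']);

// addslashes() leaves "/" untouched; the backslash in front of it is
// added by json_encode() and removed again by any JSON parser.
$json = json_encode($row['qty']);
show('addslashes on 1/2:', addslashes('1/2'));
show('json_encode:', $json);
show('json_decode:', json_decode($json));
show('JSON_UNESCAPED_SLASHES:', json_encode($row['qty'], JSON_UNESCAPED_SLASHES));
```

With parameterized queries (mysqli or PDO prepared statements) the value never passes through the SQL string parser, so neither addslashes() nor stripslashes() is needed on the way in or out.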
