php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #18673 PHP under Linux/Apache preserve the ' coming from a DB and hide itunder Windows
Submitted: 2002-07-31 11:28 UTC Modified: 2002-07-31 11:30 UTC
From: papejack at hotmail dot com Assigned:
Status: Not a bug Package: Output Control
PHP Version: 4.2.2 OS: Win98SE/Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: papejack at hotmail dot com
New email:
PHP Version: OS:

 

 [2002-07-31 11:28 UTC] papejack at hotmail dot com
script example:
<?php
$SQL = "INSERT INTO Table SET Field = '";

$Recordset = mysql_query("SELECT Field FROM Table", $Link);

//we assume that the string in Field contains a caracter 
//that needs a \
while($Record = mysql_fetch_array($Recordset))
{
  //This string contains \ under Linux/apache
  //and works
  mysql_query($SQL.$Record["Field"]."'", $Link);

  //This string doesn't have \ under Windows
  //and doesn't works (produce an error)
  mysql_query($SQL.$Record["Field"]."'", $Link);
}

The problem can be fix by adding:

...
  addslashes(stripslashes($Record["Field"]))
...

So, under Windows, we simply stripslashes() nothing (because there is no \) and under Linux/Apache we stripslashes() all characters that needs to be slashed.

Finally, in the 2 cases, we need to addslashes(). (if we don't uses stripslashes(), we will double the \ under Linux/Apache).


Jacques B?rard
papejack@hotmail.com

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-07-31 11:30 UTC] rasmus@php.net
Set the magic_quotes_* initialization variables in your php.ini file to be the same thing on both Linux and Windows.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 22:01:28 2024 UTC