Topic: php magic quotes question

i am so utterly confused by magic quotes.

when i echo get_magic_quotes_gpc(), it gives me a 1.

so this should mean that when i push variables to php, it runs addslashes() on them automatically.

i take these vars and run addslashes(trim()) on them, and insert them into my database.

then, if i view them in phpmyadmin, they only show one set of slashes behind quotes and stuff.

and when i select the fields, run stripslashes() once on them, and print them to a page, they don't have any slashes.

so it seems that the script is supposed to be adding two sets of slashes, but it's only doing one.

why?!

Re: php magic quotes question

i learned my lesson. here's what it is.

say you have a $var that is unescaped.

use mysql_real_escape_string to escape it _once_.

insert this new value into the database.

mysql will _remove_ the backslashes. you'll see this in phpmyadmin, for example. it will no longer be escaped.

when selecting the value and printing it, you _do_not_need_to_ stripslashes().

if you need to stripslashes() when pulling out data, you escaped one too many times to begin with!

i can't believe that i learned this lesson so late in the game.

Re: php magic quotes question

if i wrote a series of tutorials on php/mysql, would anyone here find it useful?

i've been doing this stuff for 7 years now and i still learn things. i also know how hard it is to research some special topics. in addition, i know that very good books on the subject are hard to find. you can pick up the latest o'reilly book on php5 by rasmus and it'll have quite a few errors in it.

i'm not saying my knowledge is super great, but i think i might be able to contribute and help out some people.

so: valuable or not?

Re: php magic quotes question

I think so.  I've learned a few things from you.  things I would have probably learned myself eventually, but that weren't immediately obvious.

I'd read 'em, at least smile.

Re: php magic quotes question

I would read your tutorials. I'm a Coldfusion developer and sometime I help my friend who's learning PHP. Personally, I like coldfusion better because  it's probably I use it a lot.

Hope you won't mind my question. What's best common practice for writing php in a file?

For example

A file uses one php tag that will run php codes and echo all html codes

<php?  
echo 'html stuff'; 
php codes; 
echo 'html stuff'; 
php codes;
?>

OR

A file uses html with php codes embedded

 
html stuff  
<php? php codes; ?> 
more html
<php? php codes;
echo html stuff;
?>
more html

I like second example better, though.

| There's no place like /home | There's no place like /home | There's no place like /home |

Re: php magic quotes question

yeah, echoing HTML with PHP is so miserable.  except it's kind of necessary sometimes if you're putting stuff from a database into the HTML.  I guess you could just do ?php ?> around every variable.  that's kind of messy though.

Re: php magic quotes question

+ a                                                                                                                                   
You can also use: <a href="index.php"><?=$somevar?></a>
Very useful for a simple template engine:
[...code...]
$page = file_get_contents($_GET[''page']);
$page = eval("?>$page");
echo $page;

short_open_tags must be on for this to work though

Hope you won't mind my question. What's best common practice for writing php in a file?

Ideally, you should have three files:
Layout - HTML
Presentation - CSS
Code = PHP

echoing HTML inside a php files is generally a bad idea It's nice if your project is 50 lines, not so nice when your project reaches 50~0 lines, and a disaster when your project reaches 5000 lines.

btw. php opening tag is <?php, and not <php?

Trust me, I know what I'm doing.

Re: php magic quotes question

haha, woops.  I knew that smile.

I just have a lot of while statements echoing a bunch of html and it looks really messy.