i\'m or i\'d

**jamen** · Jul 26 '05, 10:05 PM

Re: i\'m or i\'d

SOR wrote:[color=blue]
> Although its i'm or i'd thats get typed into a form a slash appears when
> the typed in text is viewed later .
>
> Not a hard problem to fix - but why does it happen .[/color]

Magic Quotes

http://docs.php.net/en/security.magicquotes.html

**SOR** · Jul 26 '05, 11:15 PM

Re: i\'m or i\'d

<comp.lang.ph p , jamen , jamen@invalid>
<42e6b289$0$156 $edfadb0f@dtext 02.news.tele.dk >
<Wed, 27 Jul 2005 00:01:43 +0200>
[color=blue][color=green]
> > Although its i'm or i'd thats get typed into a form a slash appears when
> > the typed in text is viewed later .
> >
> > Not a hard problem to fix - but why does it happen .[/color]
>
> Magic Quotes
> http://docs.php.net/en/security.magicquotes.html
>[/color]

Thanks for that , Glad magic quotes where switched on or it probably
would have been the first bug report in a few days times when I make a
script public .

Seem to recall a while ago some geeks on another newsgroup saying magic
quotes was a bad thing though .

**Tony Marston** · Jul 27 '05, 09:15 AM

Re: i\'m or i\'d

"SOR" <webmaster@spar esorrepair.co.u k.INVALID> wrote in message
news:MPG.1d50d0 dc1e51ae15989dc f@no-cancel.newsread er.com...[color=blue]
> <comp.lang.ph p , jamen , jamen@invalid>
> <42e6b289$0$156 $edfadb0f@dtext 02.news.tele.dk >
> <Wed, 27 Jul 2005 00:01:43 +0200>
>[color=green][color=darkred]
>> > Although its i'm or i'd thats get typed into a form a slash appears
>> > when
>> > the typed in text is viewed later .
>> >
>> > Not a hard problem to fix - but why does it happen .[/color]
>>
>> Magic Quotes
>> http://docs.php.net/en/security.magicquotes.html
>>[/color]
>
> Thanks for that , Glad magic quotes where switched on or it probably
> would have been the first bug report in a few days times when I make a
> script public .
>
> Seem to recall a while ago some geeks on another newsgroup saying magic
> quotes was a bad thing though .[/color]

It can be if you write a script in an environment where it is turned on,
then try to run it in another environment where it is turned off. Ideally
you should write code which can detect whether it is ON or OFF and deal with
it as appropriate, such as:

if (!get_magic_quo tes_gpc()) {
$lastname = addslashes($_PO ST['lastname']);
} else {
$lastname = $_POST['lastname'];
} // if

--
Tony Marston

Tony Marston's Web Site

http://www.tonymarston.net

This is Tony Marston's web site, containing personal information plus pages devoted to the Uniface 4GL development language, XML and XSL, PHP and MySQL, and a bit of COBOL

**Rob** · Jul 27 '05, 10:25 AM

Re: i\'m or i\'d

Tony Marston wrote:[color=blue]
> "SOR" <webmaster@spar esorrepair.co.u k.INVALID> wrote in message
> news:MPG.1d50d0 dc1e51ae15989dc f@no-cancel.newsread er.com...
>[color=green]
>><comp.lang.ph p , jamen , jamen@invalid>
>><42e6b289$0$1 56$edfadb0f@dte xt02.news.tele. dk>
>><Wed, 27 Jul 2005 00:01:43 +0200>
>>[color=darkred]
>>>>Although its i'm or i'd thats get typed into a form a slash appears
>>>>when
>>>>the typed in text is viewed later .
>>>>
>>>>Not a hard problem to fix - but why does it happen .
>>>
>>>Magic Quotes
>>>http://docs.php.net/en/security.magicquotes.html
>>>[/color]
>>
>>Thanks for that , Glad magic quotes where switched on or it probably
>>would have been the first bug report in a few days times when I make a
>>script public .
>>
>>Seem to recall a while ago some geeks on another newsgroup saying magic
>>quotes was a bad thing though .[/color]
>
>
> It can be if you write a script in an environment where it is turned on,
> then try to run it in another environment where it is turned off. Ideally
> you should write code which can detect whether it is ON or OFF and deal with
> it as appropriate, such as:
>
> if (!get_magic_quo tes_gpc()) {
> $lastname = addslashes($_PO ST['lastname']);
> } else {
> $lastname = $_POST['lastname'];
> } // if
>
>[/color]
you could also write a couple of small functions containing the above

function prepare_input($ string)
{
if (!get_magic_quo tes_gpc())
{
return addslashes($str ing);
}
else
{
return $string;
}
}
function prepare_output( $string)
{
if (!get_magic_quo tes_gpc())
{
return stripslashes($s tring);
}
else
{
return $string;
}
}

$lastname = prepare_input($ _POST['lastname']);
print(prepare_o utput($lastname ));

**SOR** · Jul 27 '05, 04:25 PM

Re: i\'m or i\'d

<comp.lang.ph p , Tony Marston , tony@NOSPAM.dem on.co.uk>
<dc7il1$gsd$1$8 300dec7@news.de mon.co.uk>
<Wed, 27 Jul 2005 10:03:28 +0100>
[color=blue][color=green]
> > Thanks for that , Glad magic quotes where switched on or it probably
> > would have been the first bug report in a few days times when I make a
> > script public .
> >
> > Seem to recall a while ago some geeks on another newsgroup saying magic
> > quotes was a bad thing though .[/color]
>
> It can be if you write a script in an environment where it is turned on,
> then try to run it in another environment where it is turned off. Ideally
> you should write code which can detect whether it is ON or OFF and deal with
> it as appropriate, such as:
>
> if (!get_magic_quo tes_gpc()) {
> $lastname = addslashes($_PO ST['lastname']);
> } else {
> $lastname = $_POST['lastname'];
> } // if
>[/color]

Saved to disk .

At the risk of being pointed to www.php.net by andy - would you have a
similar code snippet to check and see if globals is switched on .

**Tony Marston** · Jul 28 '05, 09:15 AM

Re: i\'m or i\'d

"SOR" <webmaster@spar esorrepair.co.u k.INVALID> wrote in message
news:MPG.1d51bf 6f1ef11cc2989dd 7@no-cancel.newsread er.com...[color=blue]
> <comp.lang.ph p , Tony Marston , tony@NOSPAM.dem on.co.uk>
> <dc7il1$gsd$1$8 300dec7@news.de mon.co.uk>
> <Wed, 27 Jul 2005 10:03:28 +0100>
>[color=green][color=darkred]
>> > Thanks for that , Glad magic quotes where switched on or it probably
>> > would have been the first bug report in a few days times when I make a
>> > script public .
>> >
>> > Seem to recall a while ago some geeks on another newsgroup saying magic
>> > quotes was a bad thing though .[/color]
>>
>> It can be if you write a script in an environment where it is turned on,
>> then try to run it in another environment where it is turned off. Ideally
>> you should write code which can detect whether it is ON or OFF and deal
>> with
>> it as appropriate, such as:
>>
>> if (!get_magic_quo tes_gpc()) {
>> $lastname = addslashes($_PO ST['lastname']);
>> } else {
>> $lastname = $_POST['lastname'];
>> } // if
>>[/color]
>
> Saved to disk .
>
> At the risk of being pointed to www.php.net by andy - would you have a
> similar code snippet to check and see if globals is switched on .[/color]

RTFM at http://uk2.php.net/ini_get

--
Tony Marston

Tony Marston's Web Site

http://www.tonymarston.net

This is Tony Marston's web site, containing personal information plus pages devoted to the Uniface 4GL development language, XML and XSL, PHP and MySQL, and a bit of COBOL

**SOR** · Jul 28 '05, 12:45 PM

Re: i\'m or i\'d

<comp.lang.ph p , Tony Marston , tony@NOSPAM.dem on.co.uk>
<dca70j$f5s$1$8 302bc10@news.de mon.co.uk>
<Thu, 28 Jul 2005 10:03:14 +0100>
[color=blue][color=green]
> > Saved to disk .
> >
> > At the risk of being pointed to www.php.net by andy - would you have a
> > similar code snippet to check and see if globals is switched on .[/color]
>
> RTFM at http://uk2.php.net/ini_get
>[/color]

Nice one .

**Scott Auge** · Aug 1 '05, 09:45 PM

Re: i\'m or i\'d

In article <dc7m2o$pu7$1@n wrdmz02.dmz.ncs .ea.ibs-infra.bt.com>,
Rob <user@domain.in valid> wrote:
[color=blue]
> Tony Marston wrote:[color=green]
> > "SOR" <webmaster@spar esorrepair.co.u k.INVALID> wrote in message
> > news:MPG.1d50d0 dc1e51ae15989dc f@no-cancel.newsread er.com...
> >[color=darkred]
> >><comp.lang.ph p , jamen , jamen@invalid>
> >><42e6b289$0$1 56$edfadb0f@dte xt02.news.tele. dk>
> >><Wed, 27 Jul 2005 00:01:43 +0200>
> >>
> >>>>Although its i'm or i'd thats get typed into a form a slash appears
> >>>>when
> >>>>the typed in text is viewed later .
> >>>>
> >>>>Not a hard problem to fix - but why does it happen .
> >>>
> >>>Magic Quotes
> >>>http://docs.php.net/en/security.magicquotes.html
> >>>
> >>
> >>Thanks for that , Glad magic quotes where switched on or it probably
> >>would have been the first bug report in a few days times when I make a
> >>script public .
> >>
> >>Seem to recall a while ago some geeks on another newsgroup saying magic
> >>quotes was a bad thing though .[/color]
> >
> >
> > It can be if you write a script in an environment where it is turned on,
> > then try to run it in another environment where it is turned off. Ideally
> > you should write code which can detect whether it is ON or OFF and deal
> > with
> > it as appropriate, such as:
> >
> > if (!get_magic_quo tes_gpc()) {
> > $lastname = addslashes($_PO ST['lastname']);
> > } else {
> > $lastname = $_POST['lastname'];
> > } // if
> >
> >[/color]
> you could also write a couple of small functions containing the above
>
> function prepare_input($ string)
> {
> if (!get_magic_quo tes_gpc())
> {
> return addslashes($str ing);
> }
> else
> {
> return $string;
> }
> }
> function prepare_output( $string)
> {
> if (!get_magic_quo tes_gpc())
> {
> return stripslashes($s tring);
> }
> else
> {
> return $string;
> }
> }
>
> $lastname = prepare_input($ _POST['lastname']);
> print(prepare_o utput($lastname ));[/color]

It's a start.

Make use of this stuff:

Explanation: http://amduus.com/phpezine/archive/Issue2.pdf

Code: http://amduus.com/phpezine/archive/issue2.zip

--
Available for Hire! http://amduus.com/Resumes/

i\'m or i\'d

i\'m or i\'d

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment