Byte Forums » Computing » Programming » Web Programming » PHP
Magic Quotes 		HostKube

Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Magic Quotes
11-22-2008, 02:14 AM
Post: #1
Lance(HAOH) Offline
Megabyte
***
 		Posts: 105
Joined: Nov 2008
Reputation: 0
Magic Quotes
I am using magic quotes to do my scripting.I really wonder,what magic quotes are really for?Some guides say they are for stripping backslashes out of codes.But what for?Could somebody please advise me on the uses of magic quotes?
Find all posts by this user
Quote this message in a reply
11-22-2008, 09:53 AM
Post: #2
goughy000 Offline
Administrator
*****
 		Posts: 1,514
Joined: Jun 2007
Reputation: 5
RE: Magic Quotes
its for example............


You have a form with a text input...

The text input is called textinput and the form method is POST

In the php script that processes the data you have this code:

PHP Code:
<?php
mysql_query("SELECT * FROM `table` WHERE `type` = '" $_POST['textinput'] . "'");
?>

Without magic quotes if someone was to put a ' in the text input the SQL query would get broken as it would get translated into this...

SELECT * FROM `table` WHERE `type` = 'something'somethingelse'

the ' would end the text string and SQL would get confused and the world would implode on itself.

With magic quotes turned on a \ is auto added before any quote marks so instead the SQL query would look like this

SELECT * FROM `table` WHERE `type` = 'something\'somethingelse'

and the world would be saved and SQL would be happy.

there are security concerns with this though so people often prefer to turn it off and handle the slashes thereselves.
[Image: poweredby.jpg]

Lockerz Invites!
Visit this user's website Find all posts by this user
Quote this message in a reply
09-17-2009, 02:02 PM
Post: #3
naftakjin Offline
Byte
*
 		Posts: 10
Joined: Aug 2009
Reputation: 0
RE: Magic Quotes
(11-22-2008 09:53 AM)goughy000 Wrote:  there are security concerns with this though so people often prefer to turn it off and handle the slashes thereselves.

What bad could it do?
Find all posts by this user
Quote this message in a reply
09-20-2009, 11:01 PM
Post: #4
darkfate Offline
Megabyte
***
 		Posts: 273
Joined: Jul 2007
Reputation: 3
RE: Magic Quotes
(09-17-2009 02:02 PM)naftakjin Wrote:  
(11-22-2008 09:53 AM)goughy000 Wrote:  there are security concerns with this though so people often prefer to turn it off and handle the slashes thereselves.

What bad could it do?

It doesn't work as well as it theoretically should. It misses certain things and doesn't have the fine grained control like you would with your own function.
The key to life is sincerity. Once you can fake that, you’ve got it made. - Groucho Marx
Visit this user's website Find all posts by this user
Quote this message in a reply
09-21-2009, 08:10 AM
Post: #5
goughy000 Offline
Administrator
*****
 		Posts: 1,514
Joined: Jun 2007
Reputation: 5
RE: Magic Quotes
as darkfate said the security issue is more with people assuming it will be doing everything and then not bothering to code any security checks in for themself.
[Image: poweredby.jpg]

Lockerz Invites!
Visit this user's website Find all posts by this user
Quote this message in a reply
10-15-2009, 07:38 AM (This post was last modified: 10-22-2009 07:07 AM by LaniValdez10.)
Post: #6
LaniValdez10 Offline
One hit wonder
 		Posts: 1
Joined: Oct 2009
Reputation: 0
RE: Magic Quotes
Can I know what is all about that magic quotes? I am not too familiar to that words so I an asking to you this question. Can you??? if you don't mind... Please.. Thanks in advance,,


_________________
Indianapolis Dentist
Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump:

Contact UsByte ForumsReturn to TopReturn to ContentLite (Archive) ModeRSS Syndication