09-06-2011, 02:38 AM
I have a name input $_POST['name']
and for some reason, when I type in ' in the html form it outputs as \'
I don't know why but it is causing problems. Can anyone explain why this is happening?
09-06-2011, 02:47 AM
PHP puts a "slash" in front of special or reserved characters ...
Try this ...
echo "Name: $name";
See what happens.
09-06-2011, 02:52 AM
Thanks, that works. I think the reason why php was doing that was to prevent SQL injections, and I think that is a real smart idea. Now, stripping the slashes works for now, and the way I coded it I don't think it's a security risk... I think it's called magic quotes.
09-06-2011, 04:35 PM
Correct, it is to help prevent injections. It can be safe depending on what is going in the box and who is entering the data into it.
09-06-2011, 05:10 PM
I'd recommend you to read the manual http://php.net/manual/en/security.magicquotes.php (and the sticky http://www.codingforums.com/showthread.php?p=711327#post711327)
09-06-2011, 05:46 PM
It is (supposed) to help prevent SQL injections. Although its among the stupidest things that Zend has introduced.
Fortunately, these will be gone very soon. Register globals are gone as of 5.4, so that's a great start.