

php3-list | 199903

Re: [PHP3] [HOW TO] Passing serialized data around
From: Sascha Schumann (sascha <email protected>)
Date: 03/28/99

On Sun, Mar 28, 1999 at 01:46:50PM +0200, Auke van Slooten wrote:
> On Sat, 27 Mar 1999, Sascha Schumann wrote:
>
> > On Sat, Mar 27, 1999 at 01:09:39PM +0100, auke <email protected> wrote:
> > > On Fri, 26 Mar 1999, Sascha Schumann wrote:
> > >
> > > > > Hi,
> > > > > I've got a question about this. I'm using MySQL to store serialized
> > > > > data, but I don't use AddSlashes, I use ereg_replace("'","''",...)
> > > > > I've tried to use AddSlashes/StripSlashes, but it seems that this can
> > > > > corrupt the data. e.g.
> > > > >
> > > > > Suppose you have a string $temp="a \\'string";
> > > >
> > > > echo $temp
> > > >
> > > > a \'string
> > > >
> > > > You are overseeing that PHP also uses slashes.
> > > >
> > >
> > > No, I am not, this is the whole point :) I specifically made this string
> > > to break the serialize/addslashes/stripslashes/unserialize chain when
> > > stored in a mysql database. Because I actually had that happen once :(
> >
> > Well, then I suppose I must miss your point.
> >
> > In your previous email you said...
> >
> > > now when you retrieve this string, mysql will already have interpreted
> > > the slashes when you inserted this data, so the string that you retrieve
> > > will be: "a \'string"
> >
> > That is exactly the string you stored. I do not consider that to be bad.
>
> well, that would be all right, except you forgot that this is about using
> AddSlashes/Stripslashes, and StripSlashes hasn't been applied at this
> point. The next two lines in the original post are:

Why would you want to use stripslashes then?? There is normally no (not even
closely one) application for stripslashes in a database context.

> > As you can see running StripSlashes over this will remove the '\',
> > changing the string and corrupting your serialized data.
>
> So my point still is, that using AddSlashes/Stripslashes on serialized
> data (or any unchecked string) to be inserted in a database can corrupt

I don't consider it too hard to understand that you only need to use
addslashes when you want to put something into a database. Do NOT apply
stripslashes to data you fetch from a database.

--

Regards,

Sascha Schumann | Consultant | finger sas <email protected> | for PGP public key
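
The round trip argued over in this thread, as an added example that is not part of the original e-mail or of PHP's own code. No database is used: `mysql_literal_decode()` is a hypothetical, simplified stand-in for how MySQL reads a quoted string literal, and the array holding the thread's `a \'string` value is constructed sample data.

```php
<?php
// Added example, not code from the thread. No database is used:
// mysql_literal_decode() is a hypothetical, simplified stand-in for the way
// MySQL reads a quoted string literal (only \\, \' and \" are handled).
function mysql_literal_decode(string $literal): string
{
    return strtr($literal, ["\\\\" => "\\", "\\'" => "'", '\\"' => '"']);
}

// Constructed sample: the string from the thread (a \'string) inside an array.
$value      = ['note' => "a \\'string"];
$serialized = serialize($value);

// Writing: addslashes() once, for the text placed between quotes in the INSERT.
$literal = addslashes($serialized);
$stored  = mysql_literal_decode($literal);   // what the column ends up holding

// The escaping is consumed by the SQL parser, so the column holds the
// original serialized text, byte for byte.
var_dump($stored === $serialized);

// Reading without stripslashes(): the value round-trips unchanged.
var_dump(unserialize($stored) === $value);

// Reading with stripslashes(): the backslash that belongs to the data is
// removed. The payload is now one byte shorter than the s:10 length recorded
// in the serialized header, so unserialize() rejects it and returns false.
$stripped = stripslashes($stored);
var_dump(strlen($serialized) - strlen($stripped));
var_dump(@unserialize($stripped));
```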
