JennyWren
15-09-2007 11:50:34
I have two websites which both have a blogging tool that I wrote on them. This allows me to quickly write an article and submit it - the submission page then writes a .phpurl==http://=http:///url file (so that the URL for the article is "real" for SEO purposes) and also adds the text of the article to a DB so that I can easily edit it later. Here's the weird thing. I'm using the exact same code on the two different sites (both have a blog). The main text part of the article is submitted via a form using a textarea. On one blog, the text that's passed to the submission step has the escape characters included (as it should for use with a MySQL insert) whereas on the other blog, the escape characters aren't there. I copied the code directly, the only thing that is different is which table the data is being stored in - and that call comes later than the one I am using to check what value is being passed for the text.
Both websites are hosted on the same (dreamhost) server, and I can't think of anything that's different except for the domain names. Help?
JennyWren
15-09-2007 17:51:45
[code1b86a7c83b4] /li Get the passed in values. li/
$title = $_POST['title'];
$subtitle = $_POST['subtitle'];
$link = $_POST['link'];
$text = $_POST['text'];
$comments = $_POST['comments'];
$visible = $_POST['visible'];
$date = $_POST['date'];
echo "text is $text";
/li Make sure that the link is unique. li/
$result = mysql_query("SELECT li FROM fit_articles WHERE link='$link'");
if ($row = mysql_fetch_array ($result, MYSQL_ASSOC)) {
$message = "linkname is already in use! Story not added.";
} else {
/li Add the story. li/
mysql_query("INSERT INTO fit_articles ( title, subtitle, link, text, comments, visible, date )
VALUES ( '$title', '$subtitle', '$link', '$text', '$comments', '$visible', '$date' ) ");[/code1b86a7c83b4]
I KNOW that I should be using mysql_real_escape_string HOWEVER, I don't get why this exact same code works on one site but not on the other (one site, when you echo $text you get the backslashes, on the other you do not). $text comes from a form input textarea (that code wouldn't print properly here on FIPG).
JennyWren
15-09-2007 17:54:12
OMFG I just realized I had one domain name set to PHP 4.4.7 and the other to PHP 5.2 or something. Hm, interesting difference between the two, I wonder why that is?
gnznroses
15-09-2007 18:36:33
i've never looked up the differences, i just stick with v4 ;)
ajasax
15-09-2007 21:24:09
It depends on what the "magic quotes" variable is set to. I think the default is set to on, but I'm not sure. Haven't fiddled with PHP installations in a while. Magic quotes will automatically escape any text input. Just type up a PHP page with only the following
[code1d1954df667]
<?php
phpinfo();
?>
[/code1d1954df667]
That'll give you all the settings wink
Also, http//php.net/magic_quotes