|
Posted by Jay Blanchard on 09/30/05 19:46
Everyday I scratch my head.....
In php.ini in the C:\WINNT it is said;
; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off
; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(),
etc.
magic_quotes_runtime = Off
In phpinfo() it is said;
magic_quotes_gpc On On
magic_quotes_runtime Off Off
[note the disparity]
and get_magic_quotes_gpc() returns a 1 (for 'on')
I am having a helluva time escaping single quotes for use with MSSQL because
it throws the following error....
SELECT EPC, Owner, Location, Application, Process, Product, Purchased,
Comments FROM intranet.dbo.CustomerRelations WHERE Purchased = '1990\'\'s'
ORDER BY EPC DESC
Filter=Purchased&FilterKey=1990\'\'s <--$_SERVER['QUERY_STRING']
1 <--get_magic_quotes_gpc
Warning: odbc_exec(): SQL error: [Microsoft][ODBC SQL Server Driver][SQL
Server]Line 1: Incorrect syntax near '\'., SQL state 37000 in SQLExecDirect
in E:\fubar\iamscrewed\windowsblows\index.php on line 51
[Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near
'\'.
Slashes are being inserted during the post, but i cannot get them to go
away...stripslashes doesn;t work.....can anyone help me get rid of the
slashes? Or should I just go for a nice motorcycle ride in the Hill Country?
[Back to original message]
|