Posted by Petzo on 05/16/05 11:32

Hi,

My question is about the norlmal behaviour of PHP and MYSQL but I cant
explain it without a simple example. Thank you for reading:

I have the following code:
--------------------------------------------------------------------
<?php
print $t = $_POST['txt'];
print $t = addslashes($t);

@ $db = mysql_pconnect(xxx,xxx,xxx);
mysql_select_db('test');

$q = "update ttable set ffield='$t'";
mysql_query($q);

$q = "select * from ttable";
$result = mysql_query($q);
$bo = mysql_fetch_array($result);

print $t = $bo['ffield'];
print $t = stripslashes($t);
?>
--------------------------------------------------------------------


from a HTML form I send variable:
--------------------------------------------------------------------
' \ \' \\ \\\
--------------------------------------------------------------------

after addshashes it becomes:
--------------------------------------------------------------------
\' \\ \\\' \\\\ \\\\\\
--------------------------------------------------------------------

after that it gets in the database

but after I get it out it becomes:
--------------------------------------------------------------------
' \ \' \\ \\\
--------------------------------------------------------------------
(without the backslashes!)

and ofcourse after stripslashes it gets messed-up:
--------------------------------------------------------------------
' ' \ \
--------------------------------------------------------------------

So my question is if this is a normal behaviour for PHP+MYSQL or it may vary
indifferent conficurations or versions of both php or mysql.
It's not a bad thing to be like that but I wonder if my code will behave the
same at most systems.

Thank you very much

[Back to original message]