unescape, post and php

Apprentice
Posts: 9
Joined: 2008.07
Post: #1
In my C app I am using libcurl to send POST data to my PHP file.

I printed my POST data to a file, pasted it in http://www.linkedresources.com/tools/une...0.2b1.html and used unescape on the SQL data, and my SQL code came out perfectly.

In PHP, I get the POST and it comes out with a \ in front of ' and only in front of ', and I don't understand why. The unescaped data looked good and nothing else in the SQL code had \ in front of it. For example, the date is "%20%272008%2D06%2D29%27%2C%20" which should become " '2008-06-29', " but I get " \'2008-06-29\', "

To print the SQL in PHP I use:
echo "Error: Sql is " . $sql . " error was " . mysql_error() . "<br>\n";

Can anyone tell me why this is happening?
Apprentice
Posts: 9
Joined: 2008.07
Post: #2
Someone in another forum named my problem.
It was a safety thing the PHP server did on POST data. It automatically runs addslashes on POST data. I turned it off in the config file and everything runs as expected.
Member
Posts: 567
Joined: 2004.07
Post: #3
Erm, the escaping was put in there for a reason. Just make sure that you either sanitize (escape) the input before you use it in a SQL query, or before you display it. Otherwise you get problems with cross-site scripting attacks or SQL injections.

It's not magic, it's Ruby.
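The behaviour discussed in this thread, as an added example that is not part of any post: PHP's `magic_quotes_gpc` setting ran addslashes() on request data, and the sketch below reproduces that on the date fragment from post #1, undoes it once, then uses a bound parameter and output escaping in place of hand-built SQL. The table, column and helper names are hypothetical, and PDO with an in-memory SQLite database is an assumption standing in for the poster's MySQL server.

```php
<?php
// Added example. events, event_date, note and undo_magic_quotes() are
// hypothetical names; the input is the fragment quoted in post #1.
$raw     = '%20%272008%2D06%2D29%27%2C%20';
$decoded = urldecode($raw);

// magic_quotes_gpc applied addslashes() to every GET/POST/cookie value.
// addslashes() prefixes single quote, double quote, backslash and NUL
// with a backslash; this fragment contains only single quotes, so only
// they gained one.
$as_seen_by_script = addslashes($decoded);

// Reverse the automatic escaping exactly once, and only when it is on,
// so the script always works on the bytes the client actually sent.
function undo_magic_quotes($value, $magic_quotes_on)
{
    return $magic_quotes_on ? stripslashes($value) : $value;
}
$original = undo_magic_quotes($as_seen_by_script, true);
if ($original !== $decoded) {
    exit("round trip failed\n");
}

// Treat the request as data, not as SQL text: pull out the value and
// validate its shape before it goes anywhere near the database.
$date = trim($original, " ',");
if (!preg_match('/^\d{4}-\d{2}-\d{2}$/', $date)) {
    exit("rejected: not a YYYY-MM-DD date\n");
}

// Assumption: SQLite in memory so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE events (event_date TEXT, note TEXT)');

// Bound parameters keep quotes in the data from ending the SQL string,
// so no addslashes()-style escaping is needed. The note is constructed
// sample data that contains single quotes.
$stmt = $db->prepare('INSERT INTO events (event_date, note) VALUES (?, ?)');
$stmt->execute(array($date, "O'Brien's entry"));

// Escape for HTML at the point of display, separately from SQL handling.
$row = $db->query('SELECT event_date, note FROM events')->fetch(PDO::FETCH_ASSOC);
echo htmlspecialchars($row['event_date'], ENT_QUOTES, 'UTF-8'), ' ',
     htmlspecialchars($row['note'], ENT_QUOTES, 'UTF-8'), "\n";
```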
Moderator
Posts: 1,560
Joined: 2003.10
Post: #4