rick.emmet Posted January 10, 2012 Share Posted January 10, 2012 Hello Everyone, I've been working with XAMPP 1.7.3 and have a general question. I've always read (and been told) to use addslashes() for any MySQL input to protect the database. My PHP.ini file has magic quotes off and the system automatically produces a caret symbol "^" in front of every control character I upload to the database. I can't find anything in the PHP.ini file relating to the caret symbols and control characters, nor can I find anything in the My.ini file. In testing, it the system behaves just as it would if I had magic quotes on, except that the system uses the carets instead of slashes. I have no problem removing the carets (and any slashes that a user might upload) but would like to know what is going on. I've done google searches on this and have only found content regarding regular expressions. Could someone clue me in? Thank in advance. Cheers, Rick Quote Link to comment Share on other sites More sharing options...
ManiacDan Posted January 10, 2012 Share Posted January 10, 2012 Whoever told you to use magic_quotes or addslashes is wrong, or at least they stopped being right in 2003 when we moved to mysql_real_escape_string. I don't know where the carat is coming from though. Quote Link to comment Share on other sites More sharing options...
laffin Posted January 10, 2012 Share Posted January 10, 2012 The carat is a symbol to denote a control character on older systems. Could this just be your editor that your using? if you echo out the field in php code, does it display as a carat? Quote Link to comment Share on other sites More sharing options...
rick.emmet Posted January 11, 2012 Author Share Posted January 11, 2012 Hello Laffin and ManiacDan, Thank you for the reply. I have XAMPP 1.7.3 on my development machine (XP Pro) which has PHP version 5.3.1, Apache version 2.2.14 and MySQL version 5.1.41 all slightly behind the latest available. But they are certainly not old systems; the behavior seems pretty odd to me though. This has bothered me for some time, but I had so much development work to do, I didn't take the time to search for an answer until now. I suspect that when I place the code on a production server, the behavior will change. As far as "mysql_real_escape_string" we did cover that in class as well and I should have mentioned it. I guess I'll try to look around some more for the answer (cause it bugs me), but it may become a non-issue when the web app is up on a production server. Thanks again for you time! Cheers, Rick Quote Link to comment Share on other sites More sharing options...
rick.emmet Posted January 11, 2012 Author Share Posted January 11, 2012 Also, I forgot to mention that when I fetch the row and echo the data, the carets are in the output. Cheers, Rick Quote Link to comment Share on other sites More sharing options...
rick.emmet Posted January 11, 2012 Author Share Posted January 11, 2012 Hi Everyone, This issue is solved. I inadvertently put escapeshellcmd() in the wrong place and it was producing the carets. Moving it back to it's proper place allows preg_replace() to clean that up. Thanks again for the input. Cheers, Rick Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.