$_GET & $HTTP_GET_VARS return different results

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View


Hoping someone can help, I have a sql query which is passed to the
script via the url, this is like:-


If I look at $_GET['stmt'], this gives:-
   select * from tickets where ( status=''Closed'' ......
If I look at $HTTP_GET_VARS['stmt'], this gives:-
   select * from tickets where ( status=\'Closed\' ......

To get the query back again I run through stripslashes(), however
obviously this will have no affect with the $_GET['stmt'] variable.

So to my question, why am I getting differing results I believed that
the two variables were always the same, why is the ' not being escaped
with a \???

I am running php 5.0.3 on apache

Would appreciate some enlightenment, as I am beginning to pull my hair
out. I only have this problem with sqlite queries, mySQL queries are
escaped correctly in $_GET['stmt'].

Thanks in advance


Re: $_GET & $HTTP_GET_VARS return different results

*** Chris Cox escribió/wrote (Thu, 03 Mar 2005 01:02:30 +0000):
Quoted text here. Click to load it

So that the user can manually rewrite the URL to

Quoted text here. Click to load it

Check this page: http://www.php.net/magic_quotes

If you cannot disable magic quotes for the whole server try to either
disable it for your script or detect it and unescape if necessary. Magic
quotes are evil.

Also, backup your database often, it'll get hacked pretty soon if you don't
change your design :)

-+ Álvaro G. Vicario - Burgos, Spain
+- http://www.demogracia.com (la web de humor barnizada para la intemperie)
++ Manda tus dudas al grupo, no a mi buzón
-+ Send your questions to the group, not to my mailbox

Site Timeline