Addslahses Automatically??

Kold

Hi.

I have been working on a script for a couple of years, it has heavy use.

I started work on some major changes locally and noticed a huge SQL injection vulnrability - however it doesnt work on the 'real' site.

It looks like all $POST and $GET variables are automatically slashed. Whereas on my home PC, they arent.

The only difference is that the main server is using IIS, whereas I have Apache.

Could someone give me a little more info on what is going on?
Also, how could I check if something is slashed, before slashing it myself? Just in case the webhosts change settings or something without me knowing?

Thank you!!

Jasp182

http://www.faqts.com/knowledge_base/view.phtml/aid/27

with magic quotes turned on, you get the effect of automatic addslashes

http://php.mirrors.ilisys.com.au/manual/en/ref.info.php

Kold

Ah - Thanks!!

The people at the hosting company usually just annoy me, but today I forgive them, hehe.

[EDIT]Someone's stolen the resolved button, hehe.

obrienkev

Try adding this to your code...

        if(!get_magic_quotes_gpc())
        {
            $name = addslashes($name);
        }