Monthly Archives: April 2009

Notes on PHP addslashes, mysql_escape and stripcslashes

This is just a short note from when I was coding/studying PHP a few minutes ago for my site.

From the manual of PHP:

addslashes – Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte). [1]

mysql_real_escape_string — Escapes special characters in a string for use in a SQL statement [2]

stripslashes — Un-quote string quoted with addslashes() [3]

The purpose of using mysql_real_escape_string is to prevent SQL injection attacks through data typed in by the user. mysql_real_escape_string functions somewhat like addslashes. When you browse or retrieve your data via the mysql shell or any MySQL query browser utility, you will notice that additional characters were added. To remove those additional characters, the stripslashes function is needed, and PHP provides it as well.

Here is my sample code:

// $value is a copy of each element, so this assignment never reaches $dispute_message2
foreach ($dispute_message2 as $key => $value)
{
    $value['messages'] = stripslashes($value['messages']);
}

Note that this code is in a function, and the field messages is the one that contains the extra codes made by mysql_real_escape_string(). The issue here is that when I tried to print the messages from the $dispute_message2 array, I could still see the extra codes.

I later found my answer to this in the foreach explanation:
“Unless the array is referenced, foreach operates on a copy of the specified array and not the array itself.”

Thus, I made some revisions to the code, and here is the latest one.

// Write back through the key so the original array is modified, not the copy
foreach ($dispute_message2 as $key => $value)
{
    $dispute_message2[$key]['messages'] = stripslashes($value['messages']);
}

🙂 Adding this $dispute_message2[$key] fixed my problem.
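
The escaping and stripslashes round trip discussed in this post, as an added example that is not the post's own code: it compares a value stored through a bound parameter with one that is escaped by hand and bound as well, and shows what stripslashes() does to each. It assumes PDO with the pdo_sqlite extension so it runs without a MySQL server; the table name and the sample message are constructed.

```php
<?php
// Added example, not the post's code. Assumes the pdo_sqlite extension;
// the table name and the sample message are constructed for illustration.

// Store a value through a bound parameter and read the stored bytes back.
function storeAndFetch(PDO $pdo, string $value): string
{
    $insert = $pdo->prepare('INSERT INTO dispute_message (messages) VALUES (:m)');
    $insert->execute([':m' => $value]); // sent as data, never spliced into the SQL text
    $read = $pdo->query('SELECT messages FROM dispute_message ORDER BY id DESC LIMIT 1');
    return $read->fetchColumn();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE dispute_message (id INTEGER PRIMARY KEY, messages TEXT)');

// A quote that would break a concatenated query, plus backslashes that are
// legitimately part of the message.
$input = "It's in C:\\temp\\log.txt";

// Case 1: bound parameter only.
$clean = storeAndFetch($pdo, $input);
echo 'bound only, unchanged:       ', var_export($clean === $input, true), "\n";

// Case 2: escaped by hand and then bound as well, so the backslashes that
// addslashes() added become part of the stored data.
$doubled = storeAndFetch($pdo, addslashes($input));
echo 'escaped + bound, unchanged:  ', var_export($doubled === $input, true), "\n";
echo 'stored value:                ', $doubled, "\n";
echo 'after stripslashes():        ', stripslashes($doubled), "\n";

// stripslashes() applied to the clean row removes backslashes the user typed.
echo 'stripslashes() on clean row: ', stripslashes($clean), "\n";
```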

[1] http://www.php.net/manual/en/function.addslashes.php
[2] http://www.php.net/manual/en/function.mysql-real-escape-string.php
[3] http://www.php.net/manual/en/function.stripslashes.php

Perl script bad interpreter: Permission denied

Something went wrong with my Perl code, which was working before I upgraded from Debian etch to lenny.
Here are the errors:
debian:/home/jojo/Desktop/pepesfile/drupal/mysite# ./index.cgi
bash: ./index.cgi: /usr/bin/perl: bad interpreter: Permission denied

In the Apache log:
[error] [client 192.168.1.2] (13)Permission denied: exec of '/home/jojo/Desktop/pepesfile/drupal/mysite/index.cgi' failed

I’ve been tracing the error. I simply ran perl index.cgi and it works fine. I suspected that there were ^M characters, which a DOS/Windows-based text editor adds, on the first few lines of code, but it looks fine when I view it in VIM[1].

Then I looked at how the folder mysite/drupal is mounted in my /etc/fstab.
Here is my entry:
UUID=38c8ec02-5ef7-49fd-8607-78e4b2fe78c7 /home/jojo/Desktop/pepesfile ext3 auto,rw,user 0 0

I added exec to the auto,rw,user column and remounted the partition, but it was still not working :(.

Finally, I replaced auto,rw,user,exec with defaults.

Ahh.. that solved my problem.

According to the fstab documentation here[2], “defaults uses the default options that are rw, suid, dev, exec, auto, nouser, and async.” I just need to type the other options and remove the nouser, but I’m glad fstab has this default. 😀

[1] http://www.vim.org/
[2] http://www.tuxfiles.org/linuxhelp/fstab.html