Monday, January 7, 2013

Use of Addslashes and Stripslashes Function in PHP

Introduction
The addslashes() function is used to add backslashes [\] to data submitted from your forms. This keeps the input MySQL (and other coding languages) friendly. What this means is that addslashes() would change:
I'm Vinod
to:
I\'m Vinod
This function is used to control SQL injection, in other words the case where a special character is passed in the input, for example:
$fname = $_POST['fname'];
$sql = "insert into user(fname) value('$fname')";
// With the input Ram's the query becomes: insert into user(fname) value('Ram's')

This kind of input is called SQL injection. If magic_quotes_gpc is already On, this escaping is applied automatically; otherwise go to the php.ini settings. GPC means G for GET, P for POST, and C for COOKIES.
Syntax
addslashes($string_data)

Example
<?php
$x = "ram's" . "<br>" . "<br>";
echo addslashes($x);
?>
<?php
$str = "Who's vinod?" . "<br>" . "<br>";
echo $str . " This is not safe in a database query.<br>" . "<br>";
echo addslashes($str) . " This is safe in a database query.";
?>


The stripslashes() function is used to remove backslashes from data. One use of this function is to display data that addslashes() has been applied to. What this means is that stripslashes() would change:

I\'m very Powerful

into:

I'm very Powerful

Using stripslashes() after mysql_real_escape_string
Syntax
stripslashes(string)

Note: This function can be used to clean up data retrieved from a database or from an HTML form.
I have been reading most recently about prevention of SQL injection and I am trying to develop some sense of understanding among the various functions so that I can learn the basics.
I have read about mysql_real_escape_string and I understand that it is basically escaping characters which it deems "special" so that it is not confused for SQL syntax?
Example

<?php
$said = 'Who said \"Live long and prosper\"?' . "<br>" . "<br>";
print stripslashes($said);
?>

<?php
echo stripslashes("Who\'s Sharad?");
?>
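
The insert from the introduction with the input Ram's, run three ways: concatenated, escaped with addslashes(), and bound through a prepared statement. This is an added example, not the article's code; it assumes the pdo_sqlite extension and uses an in-memory SQLite database with a constructed user table so that it runs offline, which goes beyond the MySQL setting of the article.

```php
<?php
// Added example: constructed table and input, in-memory SQLite (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (fname TEXT)');

$fname = "Ram's"; // stands in for $_POST['fname']

// 1. String concatenation, as in the article: the quote in the data
//    ends the SQL string literal early and the statement no longer parses.
try {
    $pdo->exec("INSERT INTO user (fname) VALUES ('$fname')");
    echo "concatenated: inserted\n";
} catch (PDOException $e) {
    echo "concatenated: query rejected\n";
}

// 2. addslashes() writes \' but SQLite escapes a quote as '' and treats a
//    backslash as ordinary text, so the literal is still broken. The correct
//    escaping rule depends on the database and the connection character set,
//    which addslashes() knows nothing about.
try {
    $pdo->exec("INSERT INTO user (fname) VALUES ('" . addslashes($fname) . "')");
    echo "addslashes:   inserted\n";
} catch (PDOException $e) {
    echo "addslashes:   query rejected\n";
}

// 3. Prepared statement: the value is bound and never parsed as SQL.
$stmt = $pdo->prepare('INSERT INTO user (fname) VALUES (:fname)');
$stmt->execute([':fname' => $fname]);

// The value is stored exactly as typed, so nothing has to be undone with
// stripslashes() when reading it back. Escape for the output context instead.
$stored = $pdo->query('SELECT fname FROM user')->fetchColumn();
echo 'stored: ', $stored, "\n";
echo 'html:   ', htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
```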

Creating a Random String in PHP

Introduction
You can create a random string in PHP using the PHP built-in rand function. The string might be used as a complex password, a verification code, or test data during development. It saves you the time of producing such values by hand, nothing more. In the following I present a simple way to create a random string in PHP step-by-step.

Step 1


Create a PHP rand_string function
First, you can create a PHP function with one (1) parameter specifying the length.

function rand_string ($length){...body}

It is used to generate a random string.

Step 2

Take a Variable
After that you can use a string variable with the name chars.

$chars="ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz@#$&*";

It contains the collection of characters to choose from. When the function generates a random string, all of the characters are fetched from it.

Step 3
We will refer to parts of this String using a random generator. Once we generate a random integer index, we add the corresponding character – the character at that index – to a finished String. This can be completed using a loop:

$size = strlen( $chars );
for( $i = 0; $i < $length; $i++ ) {
       $str= $chars[ rand( 0, $size - 1 ) ];
       echo $str;
}

Step 4
Call the rand_string() function.
rand_string( 5 );

Example

<?php
function rand_string( $length ) {
       $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz@#$&*";  
       $size = strlen( $chars );
       echo "Random string =";
       for( $i = 0; $i < $length; $i++ ) {
              $str= $chars[ rand( 0, $size - 1 ) ];
              echo $str;
       }
}
 rand_string( 5 );
?>
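
rand() is not a cryptographically secure generator, so for the password and verification-code uses mentioned in the introduction the same loop is shown here with random_int() (PHP 7 and later). This is an added example, not the article's code; secure_rand_string() and entropy_bits() are hypothetical names.

```php
<?php
// Added example. secure_rand_string() and entropy_bits() are hypothetical names.
const CHARS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz@#$&*';

function secure_rand_string(int $length, string $chars = CHARS): string
{
    $size = strlen($chars);
    if ($length < 1 || $size < 2) {
        throw new InvalidArgumentException('need length >= 1 and at least 2 characters');
    }
    $str = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() draws from the operating system's CSPRNG and is
        // uniform over the range, so every character is equally likely.
        $str .= $chars[random_int(0, $size - 1)];
    }
    return $str; // returned, not echoed, so the caller decides where it goes
}

// Guessing cost of a generated string: length * log2(alphabet size) bits.
function entropy_bits(int $length, string $chars = CHARS): float
{
    return $length * log(strlen($chars), 2);
}

printf("verification code: %s (%.1f bits)\n", secure_rand_string(5), entropy_bits(5));
printf("password:          %s (%.1f bits)\n", secure_rand_string(20), entropy_bits(20));
```

The bit counts printed next to each string show how much the length matters: five characters from this alphabet give far fewer possibilities than twenty.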