[nycphp-talk] Saving data from forms

Daniel Convissor danielc at analysisandsolutions.com
Fri Feb 8 12:47:20 EST 2008


Hi Anthony:

On Thu, Feb 07, 2008 at 07:33:37PM -0500, Anthony Wlodarski wrote:
> 
> Input from form -> check for magic quotes(if not then add quotes) -> md5
> value -> save to database.
> 
> Now what happens if you change the logic to:
> Input from form -> md5 value -> save to database.
>
> Other individuals I have discussed this with would say that if you are on a
> platform without magic quotes then the md5 values will be different.  Is
> this the case?

You will get a different hash, since "That\'s good stuff, man." is 
different than "That's good stuff, man."

In your case it doesn't fully matter if it's on or off, ASSUMING that 
they will ALWAYS be in that same state.  The initial save and the 
subsequent verification submissions will both hit the MD5 function with the 
same string.  But if the company changes servers/versions/settings which 
winds up changing this ini setting, you're SCREWED.

PHP comes with this nightmarish feature turned off by default and most 
hosts I've seen have it off also.  So, if you need to ENSURE portability, 
plan your logic accordingly.  For example, if MQ is on, put in 
stripslashes before making the MD5 hash.  Or you could do the database 
server's MD5(), since the slashes will be gone by the time it gets there.

--Dan

-- 
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
            data intensive web and database programming
                http://www.AnalysisAndSolutions.com/
 4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409
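
Added example (not part of the original message): a PHP sketch of the stripslashes-before-MD5 approach suggested above, so the stored hash does not depend on the magic_quotes_gpc setting. The helper names normalize_input() and portable_md5() are hypothetical, and the magic-quotes state is passed as a parameter so both server configurations can be simulated in one run.

```php
<?php
// Added example; helper names are hypothetical, not from the thread.

// Return the value as the user typed it, whatever the server's setting.
// $magicQuotesOn is a parameter so both configurations can be simulated;
// null means "ask PHP" (the function was removed in PHP 8.0, so absent = off).
function normalize_input(string $value, ?bool $magicQuotesOn = null): string
{
    if ($magicQuotesOn === null) {
        $magicQuotesOn = function_exists('get_magic_quotes_gpc')
            && get_magic_quotes_gpc();
    }
    // Strip only when escaping was really applied; stripping unescaped
    // input would eat backslashes the user typed on purpose.
    return $magicQuotesOn ? stripslashes($value) : $value;
}

// Hash the normalized value so every server produces the same digest.
function portable_md5(string $value, ?bool $magicQuotesOn = null): string
{
    return md5(normalize_input($value, $magicQuotesOn));
}

// Constructed sample inputs: the string from the message, plus one
// containing literal backslashes.
$samples = ["That's good stuff, man.", 'C:\\temp\\file'];

foreach ($samples as $typed) {
    // With magic quotes on, the script receives the addslashes() form.
    $received = addslashes($typed);

    // Naive: hash whatever arrives on each server.
    $naiveSame = md5($typed) === md5($received);
    // Portable: normalize first, then hash.
    $portableSame = portable_md5($typed, false) === portable_md5($received, true);

    printf("%-26s naive match: %-5s portable match: %s\n",
        $typed,
        var_export($naiveSame, true),
        var_export($portableSame, true));
}
```

Run it with the PHP command-line interpreter; each line compares the hash a magic-quotes-off server would store against the one a magic-quotes-on server would compute for the same typed input.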


