addslashes($string)
stripslashes($string)

In both cases, $string represents the string to operate on, and each of the functions returns the modified string. Including a stripslashes() function call every time you work with remote data will work no matter whether magic quotes are enabled (because there won't be any slashes to strip if magic quotes are off). However, determining when to add slashes to a string is slightly more difficult. If magic quotes are enabled, calling the addslashes() function will escape the automatically escaped string (hence it will be double escaped), which will undoubtedly lead to bugs in your script. Because of this, the addslashes() function should be used only when you are completely sure PHP has not already done this job for you. To determine the state of magic quotes at runtime, use the get_magic_quotes_gpc() or get_magic_quotes_runtime() functions.

These two functions are used to retrieve the active setting for their related PHP configuration directives. Each of them will return either an integer 1 (indicating magic quotes are enabled) or zero. This function (see ) can be used to create our own custom my_addslashes() function, which adds slashes only depending on whether magic quotes are enabled in your PHP configuration:

Listing 5.1. A Custom addslashes() function my_addslashes()

<?php
    function my_addslashes($string) {
        return (get_magic_quotes_gpc() == 1) ? $string : addslashes($string);
    }
?>

We now have an eloquent method of dealing with magic quotes, regardless of the configuration of the particular copy of PHP the script is running on. By using our custom my_addslashes() function instead of the internal version, we can always be assured that our data will be formatted in the expected manner.

Data Conversion and Encoding

Often, especially when transferring data between PHP and an external source (such as an HTML form or a database) it is necessary to encode or convert the data to an appropriate format. This section is devoted to those support functions available in PHP used for these purposes. Unlike the two functions addslashes() and stripslashes() discussed in the previous section, the following functions do not have any association with configuration directives and thus require no special care.

Encoding and Decoding Data for URLs

When sending data as part of a form or in a GET request to the server (that is, as part of the URL), often it is necessary to convert characters that bear special meaning in an HTTP request (nonalphanumeric characters) into an acceptable format. In HTTP requests, this format is a hexadecimal number representative of the character's ASCII value prefixed with the % symbol. The one exception to this in modern times is the space character, which is represented by a +. In the following example, assuming you would like to pass the variable myvar whose value is a string "/ value" to another PHP script, the following would not work:

http://myserver.com/myscript.php?myvar=/value

To properly pass the value of myvar, you'll need to convert it to the encoded representation of the string. Because the hexadecimal value of this character is 0x2F and the space character is signified by +, the appropriate URL would be as follows:

http://myserver.com/myscript.php?myvar=%2F+value

Because manually converting each non-alphanumeric character would be an incredible hassle, PHP provides the urlencode() function, which converts all non-alphanumeric characters (except the -, _, and . characters, which have no significance in the HTTP protocol) into their encoded form. This function's syntax is as follows:

urlencode($string)

$string is the string to encode. Upon success, the urlencode() function will return the string in its encoded form. A sister function to urlencode(), rawurlencode(), does not convert the space character into a plus (+). Rather, it converts it into its hexadecimal value 0x20 (%20).

When PHP transfers passed parameters from an HTTP request (regardless of whether they come from GET, POST, or cookies) PHP automatically decodes the values into their actual values. However, for situations where it may be necessary to decode these values manually, PHP also provides the urldecode() function. The syntax for urldecode() is as shown next:

urldecode($enc_string)
<< Prev - Next >>



	
Tags:
 
Add more tags...,







 or Close 


 


	


	
	
	
	
		
This entry was posted on . You can follow any responses to this entry through the RSS 2.0 feed.
		
		 You can leave a comment.

		
		
		 Tags: Simple PHP, Pear, Easy PHP, PHP Tutorial, PHP MySQL, XSLT, Sap Tutorial, CSS Tutorial, XSL FO Java, SQL Tutorial.
		
		
		
		

	

	
	


      


        


		

		

		Users' Comments (0)
		
		

      

    

	
	


	 


	  


		
	  

     

	  


	   


	   

	   

	   		




Comment an article





			

			
			

			

			

			
				


				
  

				  


					


					
					  

					  Name

			      

				  			  

				  


					
   E-mail

			      

				  
				  	

				    

				  


					


					    

                      Title 

			      

				  	

				  
					


					  

					    
						

						
					

			      

				  
				  


					


					
Available characters: 4000

					

			      

				  
				  


					


					
					 Notify me of follow-up comments
									

					

			      

				  
				  


					
				

					


					Enter what you see:


					



					
					

			      

				  		

				  


					


			      

				

				

				

				

				

				

								

					

				

				

				



	   

	   

	  

	
No comment posted