|
As bad as it may sound, if you are only trying to extract text with a certain pattern, it might be easier to use a regular expression rather than an XML parser, i.e. /<mytag>([^<]*)<\/mytag>/
tef fucked around with this message at 13:24 on Apr 1, 2008 |
# ¿ Mar 28, 2008 12:21 |
|
|
Also, if you wish to keep a copy of the sanitised html, you can use a cache like memcached.
|
# ¿ Apr 5, 2008 11:04 |
|
the xpath is /ref/@href. Edit: No it isn't - oops. tef fucked around with this message at 08:26 on Jul 5, 2008 |
# ¿ Jul 5, 2008 01:14 |
|
electric_vaseline posted:However, if you really want to stick with that. It would just be a matter of parsing the session data and then

Escaping the data too - although unlikely, there is the possibility of header injection in PHP if the address or subject can be controlled by the user.
|
# ¿ Aug 30, 2008 12:40 |
|
Hammerite posted:Would you mind telling me why not?

Yes, the problem is that in the following code, you make the assumption that magic quotes perform the same function as mysqli_real_escape_string().

Hammerite posted:

If you read the PHP manual you will find that:

What are Magic Quotes posted:When on, all ' (single-quote), " (double quote), \ (backslash) and NULL characters are escaped with a backslash automatically. This is identical to what addslashes() does.

But for mysqli_real_escape_string, it escapes the following values: "NUL (ASCII 0), \n, \r, \, ', ", and Control-Z", and takes account of the connection locale. Additionally, "If magic_quotes_sybase is on, a single-quote is escaped with a single-quote instead of a backslash if magic_quotes_gpc or magic_quotes_runtime are enabled".

In summary: you should not do that because it does not do the same thing. If you insist on using mysqli_real_escape_string, I would imagine something like this would suffice:

php:
<?
if ( get_magic_quotes_gpc() ) {
    // Undo the slashes magic quotes added, then escape for the connection.
    $foo = mysqli_real_escape_string($cxn, stripslashes($foo));
} else {
    $foo = mysqli_real_escape_string($cxn, $foo);
}
?>

tef fucked around with this message at 03:15 on Jan 21, 2009 |
# ¿ Jan 21, 2009 02:43 |
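The difference described in the post above, as an added example that is not code from the thread. `mysql_style_escape()` is a hypothetical stand-in built only from the character list quoted in the post (the real mysqli_real_escape_string() needs a live connection and also takes the connection into account), addslashes() stands in for what magic quotes did to request data, and the sample input is constructed.

```php
<?php
// Hypothetical stand-in: escapes exactly the characters the post lists for
// mysqli_real_escape_string(): NUL, \n, \r, \, ', " and Control-Z.
function mysql_style_escape(string $s): string
{
    return strtr($s, [
        "\0" => "\\0", "\n" => "\\n", "\r" => "\\r", "\\" => "\\\\",
        "'"  => "\\'", '"'  => '\\"', "\x1a" => "\\Z",
    ]);
}

// Magic quotes behaved like addslashes(), which only handles ', ", \ and NUL.
function magic_quotes_style(string $s): string
{
    return addslashes($s);
}

// Per character: which of the two routines changes it at all.
$chars = [
    'NUL' => "\0", 'LF' => "\n", 'CR' => "\r", 'backslash' => "\\",
    'single quote' => "'", 'double quote' => '"', 'Ctrl-Z' => "\x1a",
];
foreach ($chars as $name => $c) {
    printf("%-13s addslashes: %-3s  mysql-style: %s\n", $name,
        magic_quotes_style($c) !== $c ? 'yes' : 'no',
        mysql_style_escape($c) !== $c ? 'yes' : 'no');
}

// Constructed sample input containing a quote, CR, LF and Control-Z.
$raw     = "O'Reilly\r\nline2\x1a";
$magic   = magic_quotes_style($raw);   // what the script received with magic quotes on
$correct = mysql_style_escape($raw);   // what the database layer expects

// Treating magic-quoted data as already escaped: CR, LF and Ctrl-Z stay raw.
var_dump($magic === $correct);
// Escaping on top of magic quotes: the added backslashes are escaped again.
var_dump(mysql_style_escape($magic) === $correct);
// The post's approach: strip the magic-quote slashes first, then escape once.
var_dump(mysql_style_escape(stripslashes($magic)) === $correct);
```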
|
|
Yes, the other way around
|
# ¿ Jan 21, 2009 03:15 |