FUDforum: comp.lang.php » magic_quotes

Home » Imported messages » comp.lang.php » magic_quotes_gpc() on or off?

Show: Today's Messages :: Polls :: Message Navigator

Re: magic_quotes_gpc() on or off? [message #173874 is a reply to message #173868]

Wed, 11 May 2011 10:45

alvaro.NOSPAMTHANX
Messages: 277
Registered: September 2010

Karma:

Senior Member

El 11/05/2011 9:28, Simon escribió/wrote:
> On my dev machine(s) I have:
> magic_quotes_gpc = Off and magic_quotes_runtime = Off
>
> as far as I understand this is the 'preferred' settings when it comes to
> magic quotes.

Certainly. It makes everything easier, as you've already found out.

> On the live machine I see that the values are:
>
> magic_quotes_gpc = On and magic_quotes_runtime = Off
>
> I think this is a throw back of upgrading from 4.x to 5.x many moons
> ago, (the value should not be set as per
> http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc).
>
> But as a point of interest, this causes a problem when I try to save
> data in the database.
> According to http://php.net/manual/en/function.mysql-real-escape-string.php
>
> "If magic_quotes_gpc is enabled, first apply stripslashes() to the data.
> Using this function on data which has already been escaped will escape
> the data twice."
>
> so if I have:
>
> /////////////////////////////////////////////////////////////////////////// /
>
>
> // get a proper MySQL connection for mysql_real_escape_string() to work.
> ...
> //
> //
> $data = 'H\hi'; // a random string that I want to save 'as is' in the
> db. Note the 'escaped' character.
>
> //
> // now try and save it to the db
> //
> // Stripslashes if need be
> if (get_magic_quotes_gpc())
> {
> $data = stripslashes($data);
> }
>
> // escape
> $data = mysql_real_escape_string($data);
>
> echo $data;
> /////////////////////////////////////////////////////////////////////////// /
>
>
> You will see that the data has become 'Hhi', the '\' has been stripped,
> and the data is no longer saved as expected.
>
> If I turn magic_quotes_gpc=off this is a moot point.
> But I was wondering how you could get it to work with magic_quotes_gpc=On
>
> Any suggestions? comments?

If $data really comes from GET/POST/COOKIE and the original value is
«H\hi», you should have «H\\hi».

Inspect its value with var_dump() and make sure it's actually coming
from $_GET, $_POST or $_COOKIE.

Also, have a look at the register_globals directive. If you rely on it,
you can never be sure of where your variable comes from.

--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web: http://borrame.com
-- Mi web de humor satinado: http://www.demogracia.com
--

Report message to a moderator

[Message index]

		magic_quotes_gpc() on or off? By: Simon on Wed, 11 May 2011 07:28
		Re: magic_quotes_gpc() on or off? By: Jerry Stuckle on Wed, 11 May 2011 10:38
		Re: magic_quotes_gpc() on or off? By: Simon on Wed, 11 May 2011 11:49
		Re: magic_quotes_gpc() on or off? By: Jerry Stuckle on Wed, 11 May 2011 15:29
		Re: magic_quotes_gpc() on or off? By: Michael Fesser on Fri, 13 May 2011 19:25
		Re: magic_quotes_gpc() on or off? By: Jerry Stuckle on Fri, 13 May 2011 22:44
		Re: magic_quotes_gpc() on or off? By: alvaro.NOSPAMTHANX on Wed, 11 May 2011 10:45
		Re: magic_quotes_gpc() on or off? By: Simon on Wed, 11 May 2011 11:53
		Re: magic_quotes_gpc() on or off? By: alvaro.NOSPAMTHANX on Wed, 11 May 2011 14:13
		Re: magic_quotes_gpc() on or off? By: Simon on Wed, 11 May 2011 14:15

Previous Topic:	Re: A question about refresh
Next Topic:	Program to Submit to forms

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Tue Jul 09 00:43:58 GMT 2024

Total time taken to generate the page: 0.05188 seconds