FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » magic_quotes_gpc() on or off?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: magic_quotes_gpc() on or off? [message #173874 is a reply to message #173868] Wed, 11 May 2011 10:45 Go to previous messageGo to previous message
alvaro.NOSPAMTHANX is currently offline  alvaro.NOSPAMTHANX
Messages: 277
Registered: September 2010
Karma:
Senior Member
El 11/05/2011 9:28, Simon escribió/wrote:
> On my dev machine(s) I have:
> magic_quotes_gpc = Off and magic_quotes_runtime = Off
>
> as far as I understand this is the 'preferred' settings when it comes to
> magic quotes.

Certainly. It makes everything easier, as you've already found out.


> On the live machine I see that the values are:
>
> magic_quotes_gpc = On and magic_quotes_runtime = Off
>
> I think this is a throw back of upgrading from 4.x to 5.x many moons
> ago, (the value should not be set as per
> http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc).
>
> But as a point of interest, this causes a problem when I try to save
> data in the database.
> According to http://php.net/manual/en/function.mysql-real-escape-string.php
>
> "If magic_quotes_gpc is enabled, first apply stripslashes() to the data.
> Using this function on data which has already been escaped will escape
> the data twice."
>
> so if I have:
>
> /////////////////////////////////////////////////////////////////////////// /
>
>
> // get a proper MySQL connection for mysql_real_escape_string() to work.
> ...
> //
> //
> $data = 'H\hi'; // a random string that I want to save 'as is' in the
> db. Note the 'escaped' character.
>
> //
> // now try and save it to the db
> //
> // Stripslashes if need be
> if (get_magic_quotes_gpc())
> {
> $data = stripslashes($data);
> }
>
> // escape
> $data = mysql_real_escape_string($data);
>
> echo $data;
> /////////////////////////////////////////////////////////////////////////// /
>
>
> You will see that the data has become 'Hhi', the '\' has been stripped,
> and the data is no longer saved as expected.
>
> If I turn magic_quotes_gpc=off this is a moot point.
> But I was wondering how you could get it to work with magic_quotes_gpc=On
>
> Any suggestions? comments?

If $data really comes from GET/POST/COOKIE and the original value is
«H\hi», you should have «H\\hi».

Inspect its value with var_dump() and make sure it's actually coming
from $_GET, $_POST or $_COOKIE.

Also, have a look at the register_globals directive. If you rely on it,
you can never be sure of where your variable comes from.


--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web: http://borrame.com
-- Mi web de humor satinado: http://www.demogracia.com
--
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Re: A question about refresh
Next Topic: Program to Submit to forms
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Nov 27 03:26:32 GMT 2024

Total time taken to generate the page: 0.04262 seconds