SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    SitePoint Evangelist AlienDev's Avatar
    Join Date
    Feb 2007
    Location
    UK
    Posts
    591
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    PHP5 bug with magic quotes

    Hi

    Well I recently moved one of my sites to a php5 server because I was interested in seeing how different it is. But then I start noticing problems with backslashes (I didnt change any code since moving to the new server).

    In my php.ini I have magic_quotes_gpc = Off, and in my script I was just using mysql_real_escape_string. But still 2 backslashes were added to the data instead of one. When I even did a "if (magic_quote_gpc()) { echo 'its on'; } type thing and it said it was set to Off.

    I read there is a problem with this when PHP 5 is run thru CGI (mine is). Is there any solution to getting round this?

    Thanks

  2. #2
    SitePoint Wizard bronze trophy Kailash Badu's Avatar
    Join Date
    Nov 2005
    Posts
    2,560
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Try using a $_GET variable with a value that has quote inside it and see if PHP puts a quote automaticallly.

  3. #3
    SitePoint Evangelist AlienDev's Avatar
    Join Date
    Feb 2007
    Location
    UK
    Posts
    591
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    $_GET['test'] was:
    here is a quote mark: '
    and it printed out:
    here is a quote mark: '

    But when using POST it prints
    here is a quote mark: \'

  4. #4
    Non-Member
    Join Date
    Jan 2003
    Posts
    5,748
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Proberly not a bug but there are few INI settings that you need to take under advicement; Post a JPEG of your INI output via

    PHP Code:
     phpinfo(); 
    It's not just a case of looking at the one *_magic_quotes() settings as there are a few of them.

  5. #5
    SitePoint Wizard bronze trophy Kailash Badu's Avatar
    Join Date
    Nov 2005
    Posts
    2,560
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Seems magic quotes is playing evil again. Follow whatever Dr.Livingston said, though you can cut down the size of your image by:
    PHP Code:
    <?php
    phpinfo
    (INFO_CONFIGURATION);
    ?>

  6. #6
    SitePoint Wizard bronze trophy Kailash Badu's Avatar
    Join Date
    Nov 2005
    Posts
    2,560
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Though the only magic quotes directives I know of are: magic_quotes_gpc, magic_quotes_runtime, magic_quotes_sybase.

    And from whatever results you have posted and the fact that it’s affecting a $_POST value, I highly doubt the later two directives should even affect it.
    Nonetheless:
    can you run
    PHP Code:
    var_dump(ini_get('magic_quotes_gpc')) .'<br />';
    var_dump(ini_get('magic_quotes_runtime')) .'<br />';
    var_dump(ini_get('magic_quotes_sybase')) .'<br />'

  7. #7
    SitePoint Wizard REMIYA's Avatar
    Join Date
    May 2005
    Posts
    1,351
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Put the attached function in your include directory.
    Then in your PHP file put these 2 lines

    PHP Code:
    require_once("function.unescape_globals.php");
    if(
    get_magic_quotes_gpc()){unescape_globals();} 

    And that's it
    Attached Files Attached Files

  8. #8
    SitePoint Evangelist AlienDev's Avatar
    Join Date
    Feb 2007
    Location
    UK
    Posts
    591
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for the advice all

    PHP Code:
    <?php
    var_dump
    (ini_get('magic_quotes_gpc')) .'<br />';
    var_dump(ini_get('magic_quotes_runtime')) .'<br />';
    var_dump(ini_get('magic_quotes_sybase')) .'<br />'
    ?>
    Returned...
    string(0) "" string(0) "" string(0) ""
    and

    PHP Code:
    <?php
    phpinfo
    (INFO_CONFIGURATION);
    ?>
    Returned...
    magic_quotes_gpc Off
    magic_quotes_runtime Off
    magic_quotes_sybase Off

  9. #9
    Non-Member
    Join Date
    Jan 2003
    Posts
    5,748
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If you are using PHP5.x then

    Code:
    ; Enable compatibility mode with Zend Engine 1 (PHP 4.x)
    zend.ze1_compatibility_mode = Off
    Make sure you disable BC; You won't be needing it

    Code:
    ; Always populate the $HTTP_RAW_POST_DATA variable.
    always_populate_raw_post_data = Off
    This is On by default, but it's better to switch it Off,

    Code:
    ; Always populate the $HTTP_RAW_POST_DATA variable.
    always_populate_raw_post_data = Off


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •