SitePoint Sponsor |
|
User Tag List
Results 1 to 9 of 9
Thread: PHP5 bug with magic quotes
-
Mar 4, 2007, 09:37 #1
- Join Date
- Feb 2007
- Location
- UK
- Posts
- 591
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
PHP5 bug with magic quotes
Hi
Well I recently moved one of my sites to a php5 server because I was interested in seeing how different it is. But then I start noticing problems with backslashes (I didnt change any code since moving to the new server).
In my php.ini I have magic_quotes_gpc = Off, and in my script I was just using mysql_real_escape_string. But still 2 backslashes were added to the data instead of one. When I even did a "if (magic_quote_gpc()) { echo 'its on'; } type thing and it said it was set to Off.
I read there is a problem with this when PHP 5 is run thru CGI (mine is). Is there any solution to getting round this?
Thanks
-
Mar 4, 2007, 10:07 #2
Try using a $_GET variable with a value that has quote inside it and see if PHP puts a quote automaticallly.
-
Mar 4, 2007, 10:50 #3
- Join Date
- Feb 2007
- Location
- UK
- Posts
- 591
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
$_GET['test'] was:
here is a quote mark: '
and it printed out:
here is a quote mark: '
But when using POST it prints
here is a quote mark: \'
-
Mar 4, 2007, 11:09 #4
- Join Date
- Jan 2003
- Posts
- 5,748
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Proberly not a bug but there are few INI settings that you need to take under advicement; Post a JPEG of your INI output via
PHP Code:phpinfo();
-
Mar 4, 2007, 11:19 #5
Seems magic quotes is playing evil again. Follow whatever Dr.Livingston said, though you can cut down the size of your image by:
PHP Code:<?php
phpinfo(INFO_CONFIGURATION);
?>
-
Mar 4, 2007, 11:26 #6
Though the only magic quotes directives I know of are: magic_quotes_gpc, magic_quotes_runtime, magic_quotes_sybase.
And from whatever results you have posted and the fact that it’s affecting a $_POST value, I highly doubt the later two directives should even affect it.
Nonetheless:
can you run
PHP Code:var_dump(ini_get('magic_quotes_gpc')) .'<br />';
var_dump(ini_get('magic_quotes_runtime')) .'<br />';
var_dump(ini_get('magic_quotes_sybase')) .'<br />';
-
Mar 4, 2007, 12:52 #7
Put the attached function in your include directory.
Then in your PHP file put these 2 lines
PHP Code:require_once("function.unescape_globals.php");
if(get_magic_quotes_gpc()){unescape_globals();}
And that's it
-
Mar 4, 2007, 13:20 #8
- Join Date
- Feb 2007
- Location
- UK
- Posts
- 591
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Thanks for the advice all
PHP Code:<?php
var_dump(ini_get('magic_quotes_gpc')) .'<br />';
var_dump(ini_get('magic_quotes_runtime')) .'<br />';
var_dump(ini_get('magic_quotes_sybase')) .'<br />';
?>
string(0) "" string(0) "" string(0) ""
PHP Code:<?php
phpinfo(INFO_CONFIGURATION);
?>
magic_quotes_gpc Off
magic_quotes_runtime Off
magic_quotes_sybase Off
-
Mar 4, 2007, 13:35 #9
- Join Date
- Jan 2003
- Posts
- 5,748
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
If you are using PHP5.x then
Code:; Enable compatibility mode with Zend Engine 1 (PHP 4.x) zend.ze1_compatibility_mode = Off
Code:; Always populate the $HTTP_RAW_POST_DATA variable. always_populate_raw_post_data = Off
Code:; Always populate the $HTTP_RAW_POST_DATA variable. always_populate_raw_post_data = Off
Bookmarks