PHP5 bug with magic quotes

**AlienDev** · Mar 4, 2007, 09:37

Hi

Well I recently moved one of my sites to a php5 server because I was interested in seeing how different it is. But then I start noticing problems with backslashes (I didnt change any code since moving to the new server).

In my php.ini I have magic_quotes_gpc = Off, and in my script I was just using mysql_real_escape_string. But still 2 backslashes were added to the data instead of one. When I even did a "if (magic_quote_gpc()) { echo 'its on'; } type thing and it said it was set to Off.

I read there is a problem with this when PHP 5 is run thru CGI (mine is). Is there any solution to getting round this?

Thanks

**Kailash Badu** · Mar 4, 2007, 10:07

Try using a $_GET variable with a value that has quote inside it and see if PHP puts a quote automaticallly.

**AlienDev** · Mar 4, 2007, 10:50

$_GET['test'] was:
here is a quote mark: '
and it printed out:
here is a quote mark: '

But when using POST it prints
here is a quote mark: \'

**Dr Livingston** · Mar 4, 2007, 11:09

Proberly not a bug but there are few INI settings that you need to take under advicement; Post a JPEG of your INI output via

PHP Code:


 phpinfo();

It's not just a case of looking at the one *_magic_quotes() settings as there are a few of them.

**Kailash Badu** · Mar 4, 2007, 11:19

Seems magic quotes is playing evil again. Follow whatever Dr.Livingston said, though you can cut down the size of your image by:

PHP Code:


<?php
phpinfo(INFO_CONFIGURATION);
?>

**Kailash Badu** · Mar 4, 2007, 11:26

Though the only magic quotes directives I know of are: magic_quotes_gpc, magic_quotes_runtime, magic_quotes_sybase.

And from whatever results you have posted and the fact that it’s affecting a $_POST value, I highly doubt the later two directives should even affect it.
Nonetheless:
can you run

PHP Code:


var_dump(ini_get('magic_quotes_gpc')) .'<br />';
var_dump(ini_get('magic_quotes_runtime')) .'<br />';
var_dump(ini_get('magic_quotes_sybase')) .'<br />';

**REMIYA** · Mar 4, 2007, 12:52

Put the attached function in your include directory.
Then in your PHP file put these 2 lines

PHP Code:


require_once("function.unescape_globals.php");
if(get_magic_quotes_gpc()){unescape_globals();}

And that's it

**AlienDev** · Mar 4, 2007, 13:20

Thanks for the advice all

PHP Code:


<?php
var_dump(ini_get('magic_quotes_gpc')) .'<br />';
var_dump(ini_get('magic_quotes_runtime')) .'<br />';
var_dump(ini_get('magic_quotes_sybase')) .'<br />'; 
?>

Returned...

string(0) "" string(0) "" string(0) ""

and

PHP Code:


<?php
phpinfo(INFO_CONFIGURATION);
?>

Returned...

magic_quotes_gpc Off
magic_quotes_runtime Off
magic_quotes_sybase Off

**Dr Livingston** · Mar 4, 2007, 13:35

If you are using PHP5.x then

Code:

; Enable compatibility mode with Zend Engine 1 (PHP 4.x)
zend.ze1_compatibility_mode = Off

Make sure you disable BC; You won't be needing it

Code:

; Always populate the $HTTP_RAW_POST_DATA variable.
always_populate_raw_post_data = Off

This is On by default, but it's better to switch it Off,

Code:

; Always populate the $HTTP_RAW_POST_DATA variable.
always_populate_raw_post_data = Off

User Tag List

Thread: PHP5 bug with magic quotes

Thread Tools

Display

PHP5 bug with magic quotes

Bookmarks

Bookmarks

Posting Permissions