SitePoint Sponsor

User Tag List

Results 1 to 12 of 12
  1. #1
    SitePoint Zealot
    Join Date
    Jan 2006
    Posts
    106
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    mysql_real_escape_string causes different results on different servers

    Hi,
    I use mysql_real_escape_string on strings when adding data to mysql DBs. I'm having this problem now that when i pull the data out of the DB I'm getting backslashes before each quotation mark. This only happens on the host server, but on my local machine the exact same code doesn't add the backslashes... what would be the best way to approach this matter?

  2. #2
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    That isn't mysql_escape your host server must have magic quotes on.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  3. #3
    SitePoint Zealot
    Join Date
    Jan 2006
    Posts
    106
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    should i ask the host to disable this feature for my account, or is there something else i can add to code to deal with it?

  4. #4
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    If this is Apache using mod_php and you have access to a .htaccess
    Code:
    php_value magic_quotes_gpc 0
    Or in pure PHP:
    PHP Code:
    function fix_magic_quotes $a )
    {
        if ( !
    get_magic_quotes_gpc() ) {
            return 
    $arr;
        }

        return 
    is_array($a) ? array_map__FUNCTION__$a ) : stripslashes$a );
    }

    $_POST fix_magic_quotes$_POST );
    $_GET fix_magic_quotes$_GET ); 
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  5. #5
    SitePoint Zealot
    Join Date
    Jan 2006
    Posts
    106
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i do have access to the .htaccess file. i tried adding the line you specified but i'm getting an "Internal Server Error" msg... anything else i should add apart from:
    php_value magic_quotes_gpc 0
    ?

  6. #6
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Must mean PHP is running as CGI then so you have to use the pure PHP functions
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  7. #7
    SitePoint Zealot
    Join Date
    Jan 2006
    Posts
    106
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    my host should be able to disable that in the apache config file just for my account right?

  8. #8
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    I don't really know I haven't worked much with PHP as a CGI application. I've always used the apache module.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  9. #9
    SitePoint Zealot
    Join Date
    Jan 2006
    Posts
    106
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    all right i'll give it a shot... Thanks for helping me, I appreciate it.

  10. #10
    SitePoint Wizard Hammer65's Avatar
    Join Date
    Nov 2004
    Location
    Lincoln Nebraska
    Posts
    1,161
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If PHP is running as a CGI, then you can use an alternate php.ini file. That file can be in your web root and will apply to your site only. You must however start with a copy of the host's ini file. You then change the settings in the copy to suit your needs.

    There are scripts available that can do this. Google for "alternate php.ini". If you are running PHP 4.x, the ini file does not affect sub-directories, only the directory that it is in. In PHP 5.x it will work more like .htaccess, in that it will reach into sub-directories. Magic quotes will be gone in PHP 6.x. At this point, nobody is sure how quickly 6.x will propagate to hosts.
    Visit my blog
    PHP && Life
    for technology articles and musings.

  11. #11
    SitePoint Zealot metho's Avatar
    Join Date
    Feb 2005
    Posts
    132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    On php 5.x, you can also override your own custom php.ini settings with alternative php.ini files in subdirectories.

  12. #12
    SitePoint Member
    Join Date
    Nov 2005
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Magic Quotes is really annoying. What I do i include the following on every page. So I know all have been stripped from the slashes and I have to add them myself always. The code is in my config.inc.php file, that i require in every page.

    // Is magic quotes on?
    if (get_magic_quotes_gpc()) { // Yes? Strip the added slashes
    $_REQUEST = array_map('stripslashes', $_REQUEST);
    $_GET = array_map('stripslashes', $_GET);
    $_POST = array_map('stripslashes', $_POST);
    $_COOKIE = array_map('stripslashes', $_COOKIE);
    }


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •