SitePoint Sponsor

User Tag List

Results 1 to 8 of 8

Hybrid View

  1. #1
    SitePoint Enthusiast
    Join Date
    Nov 2008
    Posts
    29
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    slashes going inside database values

    Hello

    My server has magic_quotes on and my code had add_slashes which I have removed. Now values get added in database properly. But there is a small problem. When filling up the form, if javascript is disabled and there is an error validating the form inputs(i.e. if any input is empty or wrong), any form input having the ' or " become /' or /" and remains as it is. Now when the form is finally submitted it goes with the /' or /" instead of simply ' or " and gets stored in the database in the same way which is what I don't want. What is it that I am doing wrong or missing??

  2. #2
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,578
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Easy solution. Disable magic_quotes and properly escape (mysql_real_escape_string) the input yourself before putting it into a query.

  3. #3
    SitePoint Enthusiast
    Join Date
    Nov 2008
    Posts
    29
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have done that. But disabling magic_quotes gives me an error in another form on my site. Also I do not have access to change the setitngs. Isn't there a way to correct this problem keeping magic_quotes on??

    Thnks

  4. #4
    SitePoint Wizard silver trophybronze trophy Stormrider's Avatar
    Join Date
    Sep 2006
    Location
    Nottingham, UK
    Posts
    3,133
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Run this code on the pages you want to 'disable' magic quotes, while keeping it on for the site/server as a whole:

    PHP Code:
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
     
    $_GET    array_map('stripslashes'$_GET);
     
    $_POST   array_map('stripslashes'$_POST);
     
    $_COOKIE array_map('stripslashes'$_COOKIE);
    }
    //if 
    I have this code in my init.php file which is run on every page load anyway, then code with the assumption that magic quotes is off. This will keep your code forwards compatible for when magic quotes is removed from php.

  5. #5
    SitePoint Enthusiast
    Join Date
    Nov 2008
    Posts
    29
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Isn't there a better way, I mean calling the init.php with the if function on all pages?? For 15-20 pages it is fine but when you have code running in hundreds of pages it is not feasible.

    Thnks

  6. #6
    rajug.replace('Raju Gautam'); bronze trophy Raju Gautam's Avatar
    Join Date
    Oct 2006
    Location
    Kathmandu, Nepal
    Posts
    4,013
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Create a page or place the code in the database connection page/file which you include all the times but should be included on top of the page.
    Mistakes are proof that you are trying.....
    ------------------------------------------------------------------------
    PSD to HTML - SlicingArt.com | Personal Blog | ZCE - PHP 5

  7. #7
    Twitter: @AnthonySterling silver trophy AnthonySterling's Avatar
    Join Date
    Apr 2008
    Location
    North-East, UK.
    Posts
    6,111
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by manjushree View Post
    Isn't there a better way, I mean calling the init.php with the if function on all pages?? For 15-20 pages it is fine but when you have code running in hundreds of pages it is not feasible.

    Thnks
    Host dependent, you could create a new php.ini or .htaccess on your server to disable magic_quotes.
    @AnthonySterling: I'm a PHP developer, a consultant for oopnorth.com and the organiser of @phpne, a PHP User Group covering the North-East of England.

  8. #8
    SitePoint Wizard silver trophybronze trophy Stormrider's Avatar
    Join Date
    Sep 2006
    Location
    Nottingham, UK
    Posts
    3,133
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by manjushree View Post
    Isn't there a better way, I mean calling the init.php with the if function on all pages?? For 15-20 pages it is fine but when you have code running in hundreds of pages it is not feasible.

    Thnks
    The majority of web applications will have this kind of init / bootstrap file, so it shouldn't be a problem just inserting it in there. If not, you can also automatically include files at the top of every script with php_auto_prepend_file or something, a setting in httpd.conf/.htaccess


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •