| SitePoint Sponsor |
|
|
User Tag List
Results 1 to 8 of 8
-
May 6, 2009, 22:45 #1SitePoint Enthusiast
- Join Date
- Nov 2008
- Posts
- 29
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
slashes going inside database values
Hello
My server has magic_quotes on and my code had add_slashes which I have removed. Now values get added in database properly. But there is a small problem. When filling up the form, if javascript is disabled and there is an error validating the form inputs(i.e. if any input is empty or wrong), any form input having the ' or " become /' or /" and remains as it is. Now when the form is finally submitted it goes with the /' or /" instead of simply ' or " and gets stored in the database in the same way which is what I don't want. What is it that I am doing wrong or missing??
-
May 6, 2009, 22:52 #2Follow Me On Twitter: @djg
- Join Date
- Aug 2000
- Location
- Philadephia, PA
- Posts
- 20,580
- Mentioned
- 1 Post(s)
- Tagged
- 0 Thread(s)
Easy solution. Disable magic_quotes and properly escape (mysql_real_escape_string) the input yourself before putting it into a query.
Try Improvely, your online marketing dashboard.
→ Conversion tracking, click fraud detection, A/B testing and more
-
May 6, 2009, 23:59 #3SitePoint Enthusiast
- Join Date
- Nov 2008
- Posts
- 29
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
I have done that. But disabling magic_quotes gives me an error in another form on my site. Also I do not have access to change the setitngs. Isn't there a way to correct this problem keeping magic_quotes on??
Thnks
-
May 7, 2009, 01:34 #4SitePoint Wizard
- Join Date
- Sep 2006
- Location
- Nottingham, UK
- Posts
- 3,133
- Mentioned
- 1 Post(s)
- Tagged
- 0 Thread(s)
Run this code on the pages you want to 'disable' magic quotes, while keeping it on for the site/server as a whole:
I have this code in my init.php file which is run on every page load anyway, then code with the assumption that magic quotes is off. This will keep your code forwards compatible for when magic quotes is removed from php.PHP Code:if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
$_GET = array_map('stripslashes', $_GET);
$_POST = array_map('stripslashes', $_POST);
$_COOKIE = array_map('stripslashes', $_COOKIE);
}//if
-
May 20, 2009, 03:39 #5SitePoint Enthusiast
- Join Date
- Nov 2008
- Posts
- 29
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Isn't there a better way, I mean calling the init.php with the if function on all pages?? For 15-20 pages it is fine but when you have code running in hundreds of pages it is not feasible.
Thnks
-
May 20, 2009, 03:46 #6rajug.replace('Raju Gautam');
- Join Date
- Oct 2006
- Location
- Kathmandu, Nepal
- Posts
- 4,013
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Create a page or place the code in the database connection page/file which you include all the times but should be included on top of the page.
Mistakes are proof that you are trying.....
------------------------------------------------------------------------
PSD to HTML - SlicingArt.com | Personal Blog | ZCE - PHP 5
-
May 20, 2009, 03:50 #7Twitter: @AnthonySterling
- Join Date
- Apr 2008
- Location
- North-East, UK.
- Posts
- 6,111
- Mentioned
- 3 Post(s)
- Tagged
- 0 Thread(s)
Host dependent, you could create a new php.ini or .htaccess on your server to disable magic_quotes.
Originally Posted by manjushree
@AnthonySterling: I'm a PHP developer, a consultant for oopnorth.com and the organiser of @phpne, a PHP User Group covering the North-East of England.
-
May 20, 2009, 04:25 #8SitePoint Wizard
- Join Date
- Sep 2006
- Location
- Nottingham, UK
- Posts
- 3,133
- Mentioned
- 1 Post(s)
- Tagged
- 0 Thread(s)
The majority of web applications will have this kind of init / bootstrap file, so it shouldn't be a problem just inserting it in there. If not, you can also automatically include files at the top of every script with php_auto_prepend_file or something, a setting in httpd.conf/.htaccess Originally Posted by manjushree
Bookmarks