Menu
Community /Pin to ProfileBookmark
@NogDogApr 10.2011 — #The "--eanble_magic_quotes" means that PHP was compiled with magic_quotes_gpc enabled by default. [I]However[/I], if your php.ini (or httpd.conf) config file has it set to "off", that will override the compiler directive (much like a .htaccess file setting will override the php.ini setting).@NogDogApr 10.2011 — #
Sounds OK. I usually do what you have if I want to make sure the code is portable. In fact, I came up withthis function not too long ago as something I can just include in any file to clean up get/post/cookies should they be "infected" by magic quotes:
Normal usage would then simply be:
[RESOLVED] String escaped twice?
Hi
On my host I see in phpinfo says that magic_quotes_gpc, magic_quotes_runtime and magic_quotes_sybase are all off. However it seem to me like “something” is escaping my data anyway. I see that phpinfo says under Configure Command ‘–enable-magic-quotes’
Is this the reason that when adding $mystring below to the db using mysql_real_escape_string I seem to get it double escaped? What is that Configure Command actually then and how can I check it like I’m trying with get_magic_quotes_gpc below ?
Thanks
[code=php]
if (get_magic_quotes_gpc ()) {
$mystring = stripslashes ( $mystring );
}
Sign in
to post a comment7 Comments(s) ↴
0
@NogDogApr 10.2011 — #The "--eanble_magic_quotes" means that PHP was compiled with magic_quotes_gpc enabled by default. [I]However[/I], if your php.ini (or httpd.conf) config file has it set to "off", that will override the compiler directive (much like a .htaccess file setting will override the php.ini setting).0
@NogDogApr 10.2011 — #Ok, thanks. This means that since I see magic_quotes_gpc, magic_quotes_runtime and magic_quotes_sybase are off (thats from php.ini right?), I shouldn't get it double escaped? And my quoted code should in fact remove any "system" slashes, right?
I just don't want to remove mysql_real_escape_string in case the script moves to a different system.
Thanks[/QUOTE]
Sounds OK. I usually do what you have if I want to make sure the code is portable. In fact, I came up with
[code=php]
<?php
/**
* Undo the damage of magic_quotes_gpc if in effect
* @return bool
*/
function fix_magic_quotes()
{
if (get_magic_quotes_gpc()) {
$func = create_function(
'&$val, $key',
'if(!is_numeric($val)) {$val = stripslashes($val);}'
);
array_walk_recursive($_GET, $func);
array_walk_recursive($_POST, $func);
array_walk_recursive($_COOKIE, $func);
}
return true;
}
[/code]Normal usage would then simply be:
[code=php]
<?php
include 'file/with/this/function.php';
fix_magic_quotes();
/* rest of script... */
[/code]