homepage Welcome to WebmasterWorld Guest from 54.198.148.191
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Website
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
slashes mysteriously added.
..even though magic_quotes_gpc() and magic_quotes_runtime() are both set 0
dmmh




msg:1306880
 9:16 am on Mar 22, 2006 (gmt 0)

How is this possible?

Somehow my data fetched from the DB is automatically escaped, even though the both most likely culprits have been set off a long time ago and still are set 0.

Now I am all for escaping input and output, but only if I specify the script to do so....
Now my PHP syntax highlighting function fails on stuff like
$this_pseudo= str_replace(')',"\\)",$this_pseudo);

because it strips chars from the input (like it should)
If I dont strip them, I see extra added backslashes on places they shouldnt be, they sure are not in the DB after all...

any ideas?

 

seanpecor




msg:1306881
 12:06 pm on Mar 22, 2006 (gmt 0)

Run phpinfo() in a script on your server and check to make sure your quote settings are as they should be. Also if you've recently upgraded make sure that PHP is still opening the proper .ini file - which can be checked with the output of phpinfo().

dmmh




msg:1306882
 4:23 pm on Mar 22, 2006 (gmt 0)

like I said, all settings related to that are off.....

whoisgregg




msg:1306883
 4:28 pm on Mar 22, 2006 (gmt 0)

I had a somewhat similar problem recently. The culprit was a database class I was using that was doing things it ought not to do. I knew the class did it, but had forgotten.

Are there any functions/classes between your script and what you are pulling from the database that may be adding the slashes?

seanpecor




msg:1306884
 4:30 pm on Mar 22, 2006 (gmt 0)

How are you preparing the text prior to using the text in an INSERT statement? I ask because this sounds to me as though there may be an extra addslashes() or mysql_real_escape_string() in there somewhere. If you could build your full query into a $query variable and then:

echo $query;

and then paste that query here it would be really helpful. Also if you're using mysql check to see if you're using the quote() function in either the INSERT or SELECT.

Sean

dmmh




msg:1306885
 6:22 pm on Mar 22, 2006 (gmt 0)

for all my queries I use mysql_real_escape_string()
not that it matters, as there are no actual backslashes being inserted into the DB; it merely helps building a proper query

ill dig up all functions which affect this later on and will post back :)

dmmh




msg:1306886
 6:23 pm on Mar 22, 2006 (gmt 0)

Are there any functions/classes between your script and what you are pulling from the database that may be adding the slashes?

not between, only later. Ill show it later on

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved