homepage Welcome to WebmasterWorld Guest from 54.226.136.179
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Help with magic quotes
Dealing with magic quotes - they're driving me mad!
BlueScreen

10+ Year Member



 
Msg#: 4739 posted 6:47 pm on Aug 13, 2004 (gmt 0)

Hi,

If someone could help me with this I'd be really apreciative. I am having problems with magic quotes. My script works fine on a server without them, but I need to use it on a server with them turned on as well. My problem is, I have a field where the admin can use PHP and it is eval'd when being output. My problem is, if something such as this is entered

echo 'This is BlueScreen\'s test';

Which is normally fine PHP, the magic quotes turns it to this when storing to the DB

echo \'This is BlueScreen\'s test\';

Which breaks it. Now, the only suggestion I have been given is to strip the slashes, but this results in

echo 'This is BlueScreen's test';

So the PHP doesnt work. Any ideas on how to rectify this and make the output to the DB be this

echo 'This is BlueScreen\'s test';

Which is what is originally typed in?

Thanks a lot :)

 

Timotheos

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4739 posted 8:30 pm on Aug 13, 2004 (gmt 0)

I've seen this

set_magic_quotes_runtime(0); [us2.php.net]

at the top of some scripts that are widely distributed.

BlueScreen

10+ Year Member



 
Msg#: 4739 posted 11:43 pm on Aug 13, 2004 (gmt 0)

Hi, thanks - I've tried putting that at the top of my admin script, but it is still putting the / in front of every ' and breaking my PHP

Any other ideas?

ergophobe

WebmasterWorld Administrator ergophobe us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4739 posted 12:50 am on Aug 14, 2004 (gmt 0)

Is this form input? In that case you may need to set magic_quotes_gpc, which can't be done at runtime, but can be done in .htaccess

php_flag magic_quotes_gpc Off¦On

JasonHamilton

10+ Year Member



 
Msg#: 4739 posted 12:55 am on Aug 14, 2004 (gmt 0)

magic quotes are your best friend.

When dealing with a database, don't worry about it. It will automatically escape quotes and thus you don't need to addslashes to any input.

When you output the data, you just need to stripslashes to get rid of the escaping.

Simple as that.

ergophobe

WebmasterWorld Administrator ergophobe us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4739 posted 12:56 am on Aug 14, 2004 (gmt 0)

See also this thread on Magic Quotes [webmasterworld.com]

lcp2000

10+ Year Member



 
Msg#: 4739 posted 1:34 am on Aug 14, 2004 (gmt 0)

Haven't actually tried this, but how about using ANSI character codes:

echo "This is BlueScreen\s test";

Just a thought...

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved