Welcome to WebmasterWorld Guest from 54.167.58.159

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

slashes mysteriously added.

..even though magic_quotes_gpc() and magic_quotes_runtime() are both set 0

     

dmmh

9:16 am on Mar 22, 2006 (gmt 0)

10+ Year Member



How is this possible?

Somehow my data fetched from the DB is automatically escaped, even though the both most likely culprits have been set off a long time ago and still are set 0.

Now I am all for escaping input and output, but only if I specify the script to do so....
Now my PHP syntax highlighting function fails on stuff like
$this_pseudo= str_replace(')',"\\)",$this_pseudo);

because it strips chars from the input (like it should)
If I dont strip them, I see extra added backslashes on places they shouldnt be, they sure are not in the DB after all...

any ideas?

seanpecor

12:06 pm on Mar 22, 2006 (gmt 0)

10+ Year Member



Run phpinfo() in a script on your server and check to make sure your quote settings are as they should be. Also if you've recently upgraded make sure that PHP is still opening the proper .ini file - which can be checked with the output of phpinfo().

dmmh

4:23 pm on Mar 22, 2006 (gmt 0)

10+ Year Member



like I said, all settings related to that are off.....

whoisgregg

4:28 pm on Mar 22, 2006 (gmt 0)

WebmasterWorld Senior Member whoisgregg is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I had a somewhat similar problem recently. The culprit was a database class I was using that was doing things it ought not to do. I knew the class did it, but had forgotten.

Are there any functions/classes between your script and what you are pulling from the database that may be adding the slashes?

seanpecor

4:30 pm on Mar 22, 2006 (gmt 0)

10+ Year Member



How are you preparing the text prior to using the text in an INSERT statement? I ask because this sounds to me as though there may be an extra addslashes() or mysql_real_escape_string() in there somewhere. If you could build your full query into a $query variable and then:

echo $query;

and then paste that query here it would be really helpful. Also if you're using mysql check to see if you're using the quote() function in either the INSERT or SELECT.

Sean

dmmh

6:22 pm on Mar 22, 2006 (gmt 0)

10+ Year Member



for all my queries I use mysql_real_escape_string()
not that it matters, as there are no actual backslashes being inserted into the DB; it merely helps building a proper query

ill dig up all functions which affect this later on and will post back :)

dmmh

6:23 pm on Mar 22, 2006 (gmt 0)

10+ Year Member



Are there any functions/classes between your script and what you are pulling from the database that may be adding the slashes?

not between, only later. Ill show it later on