Prodigal Son Posted July 27, 2008 Share Posted July 27, 2008 Sometimes magic quotes is really annoying. But I always have it on my localhost. I don't really get this. If I insert some text into my database with mysql_real_escape_string, something like: hey's will turn to hey\'s. Am I supposed to stripslashes data I get from a database? If I select that data hey\'s from the database and display it on a page, it shows as hey's, but sometimes it shows as hey\'s, which I don't really understand. So I do a check for if magic quotes is on and if it is, I stripslashes, which works fine, but I never had to do that before. Or is that correct and it should show with the backslash? Quote Link to comment Share on other sites More sharing options...
dannyb785 Posted July 27, 2008 Share Posted July 27, 2008 You need to turn off magic quotes in your .htaccess file by adding 'php_flag magic_quotes_gpc off' If that doesn't work(depending on the version of php installed), I think you may be able to modify it in your php.ini, otherwise you need to contact your hosting provider and tell their technical support. they should know how to fix it. I hate magic quotes and pretty much every blog or article about them I've read says you should disable them. It's not adequate enough. Quote Link to comment Share on other sites More sharing options...
Lodius2000 Posted July 27, 2008 Share Posted July 27, 2008 strip slashes wont hurt becuase if there are no slashes to strip, magic quotes wont do anything though i thought magic quotes was only for db input, not output Quote Link to comment Share on other sites More sharing options...
Prodigal Son Posted July 27, 2008 Author Share Posted July 27, 2008 This is on my localhost. But I'm not really asking how to disable it, I'm just wondering if what's happening is correct right now? If you have "hey\'s" in your database and echo it onto a page, is it supposed to be "hey's" or "hey\'s". Because I've never had to use stripslashes on anything I echoed from my db before. It just removes the slashes for me. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted July 28, 2008 Share Posted July 28, 2008 You cannot unconditionally apply stripslashes() because if there is a \ as part of the data and magic_quotes are not on, any \ that should be there would be removed. If you cannot turn off the magic_quotes_gpc setting in the master php.ini, a .htaccess file (when php is running as an Apache module), or in a local php.ini (when php is running as a CGI wrapper), you must test if it is on and only use stripslashes() on external data (post/get/cookie) if it is on. If you cannot turn off the magic_quotes_runtime setting as listed above, then you can turn it off in your script. Edit: When you put escaped data into a query string, the escape \ is not inserted into the database. If there are \'s in the database, it means that the data was escaped twice. Quote Link to comment Share on other sites More sharing options...
Prodigal Son Posted July 28, 2008 Author Share Posted July 28, 2008 Edit: When you put escaped data into a query string, the escape \ is not inserted into the database. If there are \'s in the database, it means that the data was escaped twice. Oh I see... What are usually common causes for something being escaping twice? I have a function that checks if magic_quotes is on, and if it is I stripslashes, but I only do this for post output usually. If magic quotes is on am I supposed to stripslashes before inserting into the db? It's weird because I haven't changed anything, just started seeing slashes now. Quote Link to comment Share on other sites More sharing options...
Prodigal Son Posted July 28, 2008 Author Share Posted July 28, 2008 Ah I'm an idiot, seems to work normal now. I always stripped the slashes afterwards, not before lol. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.