connectcase Posted August 13, 2008 Share Posted August 13, 2008 Not sure if this is Apache or PHP related, but the guys at php.net told me it is not a bug but a feature, emphasizing I should read the section on "magic quotes" (which I did over and over again, but no answer). Anyway, magic quotes are OFF in the example below: Adding the following to your .htaccess file: "AddHandler application/x-httpd-php .php" parses all php files correctly regarding "slash-involved" functions like addslashes, mysql_real_escape_string etc.: addslashes("O'Brien") results in "O\'Brien" (as it should be, right?) Adding the 5 to the PHP handler in your .htaccess file: "AddHandler application/x-httpd-php5 .php" results in 2 extra slashes: addslashes("O'Brien") will now become "O\\\'Brien" According to the documentation a function like mysql_real_escape_string should only add just 1 slash and not insert it into your database. There are no other changes to configuration or php.ini whatsoever. I am on shared hosting, so can't change much anyway. Searched the php.net bugreports, searched the manual, searched phpfreaks, Google etc. but no luck of finding an explanation..... Thanks guys! Quote Link to comment Share on other sites More sharing options...
ignace Posted August 13, 2008 Share Posted August 13, 2008 well "O\\\'Brien" is safer, cause there will always be a slash to prohibit for example sql injection. It probably has its use, it is however to me unknown Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted August 13, 2008 Share Posted August 13, 2008 The extra escape characters are due to the magic_quotes settings. Use a phpinfo(); statement to see what they are set to (both magic_quotes_gpc and magic_quotes_runtime.) Quote Link to comment Share on other sites More sharing options...
connectcase Posted August 13, 2008 Author Share Posted August 13, 2008 That's what the guys at php.net said. But as stated in the initial post: magic quotes are (all) OFF. So they should not have any influence whatsoever right? Cheers, Cees Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted August 13, 2008 Share Posted August 13, 2008 You should still verify that by running phpinfo, AddHandler application/x-httpd-php5 could be loading a different php.ini which has magic quotes enabled. Magic quotes has three different settings, which are magic_quotes_gpc - this is will automatically escape quotes in GET, POST or COOKIE data magic_quotes_runtime - this stetting will automatically escape strings returned from functions magic_quotes_sybase - allows you to escape quotes as '' (two single quotes) rather than \' (rarely used). Both of the above settings should be disabled. Quote Link to comment Share on other sites More sharing options...
connectcase Posted August 14, 2008 Author Share Posted August 14, 2008 Wildteen, believe me when I say I have double checked phpinfo. All the magic quotes settings are on off. Any other suggestions (all input welcome!!). Thanks, Cees Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.