[SOLVED] Turning off Magic Quotes

[trouble706]

I am new to PHP and have jsut designed a site with a PHP calendar. I have the events from the calendar displaying on the home page of the site. However, all quotation marks are showing as if escaped. As I understand it, I think this is due to Magix Quotes being turned on. Cna someone tell me what I will need to do to turn Magic Quotes off?

Thanks... ??? ??? ???

[Bendude14]

you could use strip slashes on your data to remove the slashes that were added to escape your data

 

i think you can also try and switch them of using something like this

 

ini_set('magic_quotes_gpc', 'off');

 

use this to check and make sure they are switched on

 

echo get_magic_quotes_gpc();

[abdfahim]

you could use strip slashes on your data to remove the slashes that were added to escape your data

 

i think you can also try and switch them of using something like this

 

ini_set('magic_quotes_gpc', 'off');

 

use this to check and make sure they are switched on

 

echo get_magic_quotes_gpc();

 

ini_set('magic_quotes_gpc', 'off') will not work because magic_quotes_gpc cannot be set at runtime.

 

So, if you have access to php.ini file, then chnage the variable magic_quotes_gpc from there. Otherwise, you may use stripslashes.

[abdfahim]

Another thing, can you tell me where are you getting those strings having quotation marks? Must not from simple echo in php, coz in that case there should not be any problem. I guess its from database. If that's true, there is another process. First you just confirm me.

[nrg_alpha]

In your code, you can implement something like this:

 

if(get_magic_quotes_gpc()){ 
   $_POST['whatever'] = stripslashes($_POST['whatever']); 
}

 

This way, if it happens that your server's magic quotes is on, this will go through and strip them out. And this will be perfectly backwards compatible with current PHP once PHP6 arrives (which will no longer have magic quotes on).

[trouble706]

Yes, It is from Database...This is the code that I am using .....

 

 

<?php$db_user = '';

$db_pass = '';

$db="";

 

$link = mysql_connect('localhost', $db_user, $db_pass) ;

if (! $link)

die("Couldn't connect to MySQL");

mysql_select_db($db , $link)

or die("Couldn't open $db: ".mysql_error());

$query = "SELECT * from pec_mssgs WHERE id>0  ORDER by y, m, d ASC ";

$result = mysql_query($query, $link) or die('error making query');

$rows = mysql_num_rows($result);

while ($row = mysql_fetch_array($result)) {

$m=$row['m'];

$d= $row["d"];

$y = $row["y"];

$title= $row["title"];

  $text=$row["text"];

$stime=$row["start_time"];

$etime=$row["end_time"];

 

 

$newDate = $m."/".$d."/".$y;

 

print '<table width="180" border="0" cellpadding="0">';

print '<tr>';

print "<td  align='left' ><b>$newDate</b><br></td>";

print '</tr>';

print '<tr>';

print "<td  align='left' ><b>$stime-$etime</b><br></td>";

print '</tr>';

print '<tr>';

print "<td  align='left' ><b>$title</b></td>";

print '</tr>';

print '<tr>';

print "<td align='left' ><b>$text</b></td>";

print '</tr>';

print '</table>';

print '<br>';

}

?>

[abdfahim]

ok, then you can do what nrg_alpha said, but I prefer you do this when you Insert Into database. that is, when you insert into database, do like below.

 

if(!get_magic_quotes_gpc()){ 
   $_POST['title'] = addslashes($_POST['title']); 
  $_POST['text'] = addslashes($_POST['text']); 
}

$query = "INSERT INTO `my_table` (`title`,`text`) VALUES ('".$_POST['title']."','".$_POST['text']."')";
mysql_query($query) or die(mysql_error());

[trouble706]

??? ??? ??? I have tried both ways.....Neither seems to work... ??? ??? ???

[trouble706]

I already had this piece of code in where I am inserting to the databasse.....I would have thought that this would have done it..

 

function submitEventData ($id="")

{

global $lang;

 

$uid = $_POST['uid'];

$title = addslashes($_POST['title']);

$title = strip_tags($title);

$text = addslashes($_POST['text']);

$text = strip_tags($text);

$month = $_POST['month'];

$day = $_POST['day'];

$year = $_POST['year'];

$shour = $_POST['start_hour'];

$sminute = $_POST['start_min'];

$s_ampm = $_POST['start_am_pm'];

$ehour = $_POST['end_hour'];

$eminute = $_POST['end_min'];

$e_ampm = $_POST['end_am_pm'];

[abdfahim]

The thing is you always use addslashes, as a result of that, if magic_quotes_gpc is on, it will add extra slashes. Thats why u use the check if(!get_magic_quotes_gpc()) before you use addslashes.

[trouble706]

Ohhhhhhhhh...........Ok....So that may be my problem then, huh?? Let me try that.

[trouble706]

THanks everybody.......That was it. I took those 2 lines of code out and it works perfectly....At least I learned something today even if it did cause a massive headache to learn......

[abdfahim]

trouble706, I have one advice. if you just take those two lines (with addslashes command) out, your code will not be universal, bacause, when you host your page in some other server where magic_quote_gpc is off, it'll give you errors. In that case you have to add those two lines. I always like the codes to be universal, so I prefer to use the folowing lines instead of taking those two lines out

 

   if(!get_magic_quotes_gpc()){
        $title       = addslashes($_POST['title']);
        $text       = addslashes($_POST['text']);
    }else{
        $title       = $_POST['title'];
        $text       = $_POST['text'];
    }

 

What it'll do is, if magic_quote_gpc is turned on, it'll not use addslashes, but if magic_quote_gpc is turned off, it'll use addslashes.

 

Anyway, if you are quite sure that you'll not ever host those files in a server with magic_quote_gpc OFF, or you current server will never change its settings to magic_quote_gpc OFF, then you can continue with what you have now.

[nrg_alpha]

Good to hear it all worked out. As abdbuet mentioned, you have to check the status of your server's magic quotes through his / her given sample or mine.. this way, you don't start blindly adding slashes if magic quotes is on (if so, it does this automatically).

 

Once PHP 6 arrives, the support for all this magic quote nonsense will be dropped.. (and should clear a lot of confusion on such matters once webserves switch over to version 6). But in meantime, it is unfortunate that we have to check before adding slashes (otherwise we get into trouble   )

 

Cheers,

 

NRG

[trouble706]

Ok......Thanks Y'all....Like I said I am really just getting started with PHP and so I appreciate all the knowledge that I can glean from those with experience.