Windows/Linux $_SESSION[] output inconsistency


SpringVark

Hi -- I originally posted this on the Linux forum but it may apply here too.

My application reads an HTML string from the request into a session parameter as follows:

$_SESSION['post_content'] = $_REQUEST['content'];

When I retrieve the value of the posted HTML on the next page

<?php echo $_SESSION['post_content'] ?>

my local (WAMP) environment's output differs from the output on my hosted (Linux) environment. The hosted environment escapes all double-quotes (as I imagine the htmlspecialchars() method might do):

<div class=\"c\">

but my local Windows environment does not (this is the desired behaviour):

<div class="c">

Obviously this has disastrous consequences when I try to commit the markup to my DB.

Is there any reason for the behaviour, and how do I stop it? I do use htmlspecialchars() before committing to the database, but not before any of the screens described above.

Any help is much appreciated!

htmlspecialchars() does not do any escaping. It converts markup to "non-threatening" special characters.

Your "hosted environment" has magic quotes turned on, which automatically adds a backslash to any requested data ($_GET, $_POST, $_COOKIE) that contains a single or double-quote.

This is called "magic quotes" and has nothing to do with the operating system and sessions. You can disable them in php.ini:

magic_quotes_gpc = Off
magic_quotes_runtime = Off
magic_quotes_sybase = Off

Actually, magic quotes do not affect sessions, but take a look - you put into a session the data from the $_REQUEST variable, where magic quotes are active.

PS. Do not worry, magic quotes are deprecated since PHP 5.3 and will be removed in PHP 6.0 (finally...).
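
For hosts where php.ini cannot be edited, the fix discussed above can be applied in code. This is an added example, not code from any poster in this thread: it undoes magic quotes once at the request boundary and stores the markup through a bound parameter. The function names, the `posts` table and the in-memory SQLite database (which needs pdo_sqlite) are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). Runs on old and current PHP.

// Recursively remove the backslashes that magic_quotes_gpc added.
function undo_magic_quotes($value)
{
    if (is_array($value)) {
        return array_map('undo_magic_quotes', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

// Magic quotes only exist before PHP 5.4; the version test short-circuits,
// so get_magic_quotes_gpc() is never called where it is deprecated or gone.
function magic_quotes_active()
{
    return PHP_VERSION_ID < 50400 && get_magic_quotes_gpc();
}

// Request data as the client sent it, whatever the host's php.ini says.
function raw_request(array $request, $quotesActive)
{
    return $quotesActive ? undo_magic_quotes($request) : $request;
}

// Constructed sample: $_REQUEST as seen on the hosted server (quotes On).
$hosted = array('content' => '<div class=\\"c\\">');
$clean  = raw_request($hosted, true);
if ($clean['content'] !== '<div class="c">') {
    throw new RuntimeException('normalisation failed');
}

// In the application the call would be:
//   $request = raw_request($_REQUEST, magic_quotes_active());
//   $_SESSION['post_content'] = $request['content'];

// Storing the markup: bind it as a parameter so quoting is the driver's
// job. In-memory SQLite (assumes pdo_sqlite) stands in for the real DB.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, content TEXT)');
$db->prepare('INSERT INTO posts (content) VALUES (?)')
   ->execute(array($clean['content']));

$stored = $db->query('SELECT content FROM posts')->fetchColumn();
echo ($stored === $clean['content']) ? "round trip ok\n" : "mismatch\n";
```

Normalising at the boundary keeps the session value identical on both environments, and the bound parameter means the stored markup never depends on backslashes added by the host.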

Archived

This topic is now archived and is closed to further replies.
