schilly Posted February 11, 2010 Share Posted February 11, 2010 so i'm printing out some post data from a form and it already has slashes added to the data. i've never seen this before and is hence messing up all my queries when i use mysql_real_escape_string on the form data. this is through the go daddy preview dns feature. we are upgrading a site so the dns hasn't been switched over yet. i'm fairly certain this preview dns thing has already broken some of my jquery code. here's my code. basic html <form method="post" name="furniture_form" action="" enctype="multipart/form-data"> <table> <tr><td colspan="2" align="center"><?php echo isset($msg) ? $msg : " "; ?></td></tr> <tr> <td>Item Number:</td> <td><input type="text" name="item_num" value="<?php echo $item_num; ?>"></td> </tr> <tr> <td>Category:</td> <td><select name="category"><?php echo getCatMenu($category); ?></select></td> </tr> <tr> <td>Style:</td> <td><select name="style"><?php echo getStylesMenu($style); ?></select></td> </tr> <tr> <td>Dimensions:</td> <td><textarea name="dimensions" rows="2" cols="25"><?php echo $dimensions; ?></textarea></td> </tr> <tr> <td>Description:</td> <td><textarea name="description" rows="5" cols="50"><?php echo $description; ?></textarea></td> </tr> <tr> <td>Picture:</td> <td> <input type="file" name="file"> <div style="float:right"><?php if($picture != "default.jpg") echo "<img src='/includes/makeThumb.php?name=$picture&type=0'>"; ?></div> </td> </tr> <tr> <td>Comments:</td> <td><input type="text" name="comments" value="<?php echo $comments; ?>"></td> </tr> <tr> <td> </td> <td><input type="submit" name="furniture_submit" value="<?php echo $button_name; ?>"><input type="hidden" name="furniture_id" value="<?php echo $_GET['id']; ?>"</td> </tr> </table> </form> php code at the top of the page: <?php print_r($_POST); //processing code ?> so if i add some quotes and stuff in the fields and post here is what gets posted: Array ( [item_num] => 15432a [category] => Dining Room [style] => Tapered Leg [dimensions] => asdfsdfasdf [description] => testing\'s [comments] => whooo whooo [furniture_submit] => Update Furniture [furniture_id] => 2 ) anyone seen this before? Quote Link to comment Share on other sites More sharing options...
schilly Posted February 11, 2010 Author Share Posted February 11, 2010 well looks like magic_quotes_gpc is set to on. never seen this option turned on before in the php.ini file. so does this mean i dont need to use mysql_real_escape_string? Quote Link to comment Share on other sites More sharing options...
mapleleaf Posted February 11, 2010 Share Posted February 11, 2010 You can turn them off: ini_set("magic_quotes_gpc", "0"); Also GoDaddy has some weird settings where they will rewrite urls in an odd way. If you have a choice don't use GoDaddy. Quote Link to comment Share on other sites More sharing options...
schilly Posted February 11, 2010 Author Share Posted February 11, 2010 yea not my choice =( thanks for the help. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.