htmlentities questions.


4 replies to this topic

#1 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 25 September 2006 - 04:46 PM

When I try something like this..

$text = htmlentities($_POST['text'], ENT_QUOTES);
echo $text;

and say the text is this before processing..

  • This is a single quote ' and this is a double "

This is what it looks like afterwards..

  • This is a single quote \' and this is a double \"

I am wondering why the quotes are being escaped??

Should I strip the \'s or am I just missing something..

Thanks,
Tom

Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux


#2 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 25 September 2006 - 04:52 PM

htmlentities shouldn't be doing that. It looks like your server has a setting called magic_quotes enabled, which automatically escapes quotes returned from a function or user input. You're best off disabling magic_quotes, either by editing the php.ini if you can, or by adding the following:
php_flag magic_quotes_gpc Off
php_flag magic_quotes_runtime Off
php_flag magic_quotes_sybase Off
to a .htaccess file in your server's document root.

#3 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 25 September 2006 - 05:00 PM

Could I use..

ini_set('magic_quotes_gpc', 'off');



#4 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 25 September 2006 - 05:04 PM

I just tested it and it changed nothing..

I have access to the ini but I am unable to restart apache at this moment.. I guess that I should write a batch file for that..lol

Thanks,
Tom



#5 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 25 September 2006 - 05:05 PM

No, as that doesn't fully turn off magic_quotes. That prevents magic quotes from escaping quotes in user input (GET, POST, COOKIE etc). It will not prevent magic quotes from escaping quotes that are in a string that is being returned from a function. The only way to prevent this is to turn off magic_quotes_runtime in the php.ini, server config file or the .htaccess file.
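
An added example, not part of the original posts: when php.ini cannot take effect right away (as in post #4), the backslashes that magic_quotes_gpc put on request data can be removed at runtime before htmlentities() is applied. The helper names undo_magic_quotes(), magic_quotes_active() and render_safe() are hypothetical, and the sample input is constructed from the string in post #1, with addslashes() standing in for magic_quotes_gpc.

```php
<?php
// Added example, not code from the thread. All three helper names are hypothetical.

// Recursively remove the backslashes magic_quotes_gpc added to request data
// (form fields can arrive as nested arrays, e.g. name="tags[]").
function undo_magic_quotes($value)
{
    if (is_array($value)) {
        return array_map('undo_magic_quotes', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

// True only on old PHP builds where magic_quotes_gpc exists and is enabled.
// get_magic_quotes_gpc() no longer exists in PHP 8, hence the function_exists()
// guard; the @ silences the PHP 7.4 deprecation notice.
function magic_quotes_active()
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Encode a request value for HTML output. Backslashes are stripped only when
// the caller says magic quotes added them; stripping unconditionally would
// eat backslashes the user really typed.
function render_safe($raw, $escapedByMagicQuotes)
{
    if ($escapedByMagicQuotes) {
        $raw = undo_magic_quotes($raw);
    }
    // ENT_QUOTES converts both single and double quotes to entities.
    return htmlentities($raw, ENT_QUOTES, 'UTF-8');
}

// Constructed sample: the text typed into the form, and the form in which
// the script receives it when magic_quotes_gpc is on.
$typed   = 'This is a single quote \' and this is a double "';
$escaped = addslashes($typed);

// Encoding the escaped value directly carries the backslashes into the page.
echo htmlentities($escaped, ENT_QUOTES, 'UTF-8'), "\n";
// Undoing the escaping first leaves only the quote entities.
echo render_safe($escaped, true), "\n";

// In a request handler the flag comes from the runtime check:
// echo render_safe($_POST['text'], magic_quotes_active());
```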



