Escaping works differently dev vs. production


shamwowy

Hi all. I have the following line of code which is displaying differently on my dev vs. production servers. Exact same code (same file).

 

I have a form that passes in x_first_name to this code:

$x_first_name = $_POST['x_first_name']; // this to display on the page later

$db_first_name = mysql_real_escape_string($x_first_name); // this to insert into the database

 

When I print out $x_first_name using "O'Tommy" for example, anything with an apostrophe (this applies to last name and all other fields) I get the following:

Dev - "O'Tommy" --- as it should appear

Prod - "O\'Tommy" -- is adding a backslash escape without me wanting one

 

This field gets passed to a payment gateway and will fail a credit card check with the backslashes in it. So I cannot have them around. I also notice that when I pass it to a third page, a second backslash is added, so I'm thinking it's a global config thing....perhaps a Joomla thing?

 

Any ideas on where I can look to fix this? Is there perhaps a config option that is auto-escaping for me that I am unaware of? The production site itself is running a Joomla site, but the form and processing file are not within the Joomla application (though they still reside in the home directory).

 

Any help much appreciated. Again this is the exact same file, I'm just uploading it to prod and noticing the difference.

Thanks!

 

Your server has magic_quotes enabled. It's pretty annoying because it attempts to escape all sensitive characters with backslashes. If you can't get your host to disable the feature, you can always run this script. (I usually place it in a config file).

 

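// Undo magic_quotes_gpc escaping; run this before reading any request data.
function strip_magic_slashes($value) {
    // Fields such as name="item[]" arrive as arrays, so recurse into them.
    return is_array($value)
        ? array_map('strip_magic_slashes', $value)
        : stripslashes($value);
}
// get_magic_quotes_gpc() was removed in PHP 8, hence the function_exists() guard.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $_POST   = array_map('strip_magic_slashes', $_POST);
    $_GET    = array_map('strip_magic_slashes', $_GET);
    $_COOKIE = array_map('strip_magic_slashes', $_COOKIE);
}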

 

Basically, the code checks to see if magic quotes is enabled. If it's enabled, it'll go through all of the POST, GET and COOKIE data and reverse the effects. Note: You should run the above code before you start using your POST data etc.
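The flow discussed in this thread, as an added example that is not code from either post: one submitted value is normalized once, then encoded separately for each destination (gateway, HTML, database). Assumptions: PDO with the pdo_sqlite driver is available, a bound parameter stands in for the mysql_real_escape_string() call, and the names undo_magic_quotes, store_and_read and the customers table are hypothetical.

```php
<?php
// Constructed sample: with magic_quotes_gpc on, typing O'Tommy into the form
// reaches the script already escaped. addslashes() reproduces that here.
$_POST = array('x_first_name' => addslashes("O'Tommy"));
$magicQuotesOn = true; // assumption: stands in for get_magic_quotes_gpc()

// Undo the automatic escaping once, before anything reads the request data.
function undo_magic_quotes($value) {
    return is_array($value)
        ? array_map('undo_magic_quotes', $value)
        : stripslashes($value);
}
$post = $magicQuotesOn ? undo_magic_quotes($_POST) : $_POST;
$firstName = $post['x_first_name']; // raw value: the one to send to the payment gateway

// HTML output: encode at print time only, never on the stored or forwarded value.
$forHtml = htmlspecialchars($firstName, ENT_QUOTES, 'UTF-8');

// Database: a bound parameter needs no manual escaping, so nothing can be
// escaped twice. In-memory SQLite keeps the demo self-contained.
function store_and_read(PDO $db, $value) {
    $db->exec('DELETE FROM customers');
    $stmt = $db->prepare('INSERT INTO customers (first_name) VALUES (:first_name)');
    $stmt->execute(array(':first_name' => $value));
    return $db->query('SELECT first_name FROM customers')->fetchColumn();
}
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (first_name TEXT)');

// Compare what each destination receives with and without the normalization step.
printf("as received          : %s\n", $_POST['x_first_name']);
printf("gateway              : %s\n", $firstName);
printf("html                 : %s\n", $forHtml);
printf("stored (unnormalized): %s\n", store_and_read($db, $_POST['x_first_name']));
printf("stored (normalized)  : %s\n", store_and_read($db, $firstName));
```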
