shamwowy Posted June 12, 2011 Share Posted June 12, 2011 Hi all. I have the following line of code which is displaying differently on my dev vs. production servers. Exact same code (same file). I have a form that passes in x_first_name to this code: $x_first_name = $_POST['x_first_name']; ---this to display on the page later $db_first_name = mysql_real_escape_string($x_first_name); -- this to insert into the database When I print out $x_first_name using "O'Tommy" for example, anything with an appostrophe (this applies to last name and all other fields) I get the following: Dev - "O'Tommy" --- as it should appear Prod - "O\'Tommy" -- is adding a backslash escape without me wanting one This field gets passed to a payment gateway and will fail a credit card check with the backslashes in it. So I cannot have them around. I also notice that when I pass it to a third page, a second backslash is added, so I'm thinking it's a global config thing....perhaps a Joomla thing? Any ideas on where I can look to fix this? Is there perhaps a config option that is auto-escaping for me that I am unaware of? The production site itself is running a Joomla site, but the form and processing file are not within the joomla application (though they still reside in the home directory). Any help much appreciated. Again this is the exact same file, I'm just uploading it to prod and noticing the difference. Thanks! Quote Link to comment https://forums.phpfreaks.com/topic/239177-escaping-works-differently-dev-vs-production/ Share on other sites More sharing options...
waynew Posted June 12, 2011 Share Posted June 12, 2011 Your server has magic_quotes enabled. It's pretty annoying because it attempts to escape all sensitive characters with backslashes. If you can't get your host to disable the feature, you can always run this script. (I usually place it in a config file). if(get_magic_quotes_gpc ()){ foreach($_POST as $key => $val){ $_POST[$key] = stripslashes($val); } foreach($_GET as $key => $val){ $_GET[$key] = stripslashes($val); } foreach($_COOKIE as $key => $val){ $_COOKIE[$key] = stripslashes($val); } } Basically, the code checks to see if magic quotes is enabled. If it's enabled, it'll go through all of the POST, GET and COOKIE data and reverse the effects. Note: You should run the above code before you start using your POST data etc. Quote Link to comment https://forums.phpfreaks.com/topic/239177-escaping-works-differently-dev-vs-production/#findComment-1228852 Share on other sites More sharing options...
KevinM1 Posted June 13, 2011 Share Posted June 13, 2011 ^ You can make it even simpler with array_map. Quote Link to comment https://forums.phpfreaks.com/topic/239177-escaping-works-differently-dev-vs-production/#findComment-1228857 Share on other sites More sharing options...
shamwowy Posted June 13, 2011 Author Share Posted June 13, 2011 Worked, and worked. Thanks all I really appreciate your help! Quote Link to comment https://forums.phpfreaks.com/topic/239177-escaping-works-differently-dev-vs-production/#findComment-1228940 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.