cdmafra Posted February 25, 2015 Share Posted February 25, 2015 Hello. I have a problem when I send an article to DB from the server (in localhost everything is working fine). So, the news_post (textarea) is sending backslashes before single and double quotes, broking embed elements (images, videos, etc.). The articles are sent to DB throught this coide: [codeif (isset($_POST["publish-p"])) { $link = mysqli_connect("CONNECTION DATA") or die("Error " . mysqli_error($link)); $categoria= mysqli_real_escape_string($link, $_POST['categoria']); $categoria2= mysqli_real_escape_string($link, $_POST['categoria2']); $destaque= mysqli_real_escape_string($link, $_POST['destaque']); $publicado= mysqli_real_escape_string($link, $_POST['publicado']); $news_title= mysqli_real_escape_string($link, $_POST['news_title']); $news_slug= mysqli_real_escape_string($link, $_POST['news_slug']. '-' . date('d-m-Y')); $news_subtitle= mysqli_real_escape_string($link, $_POST['news_subtitle']); $news_desc= mysqli_real_escape_string($link, $_POST['news_desc']); $news_post= mysqli_real_escape_string($link, $_POST['news_post']); $news_date= mysqli_real_escape_string($link, $_POST['news_date']); $hour= mysqli_real_escape_string($link, date('H:i')); $news_image= mysqli_real_escape_string($link, $_POST['news_image']); $copyright= mysqli_real_escape_string($link, $_POST['copyright']); $publish="INSERT INTO news (news_guid, categoria, categoria2, destaque, publicado, news_title, news_slug, news_subtitle, news_desc, news_post, news_date, hour, news_image, copyright) VALUES (uuid(), '$categoria', '$categoria2', '$destaque', '$publicado', '$news_title', '$news_slug', '$news_subtitle', '$news_desc', '$news_post', '$news_date', '$hour', '$news_image', '$copyright')"; [/code] Link to comment https://forums.phpfreaks.com/topic/294889-unwanted-backslashes/ Share on other sites More sharing options...
mac_gyver Posted February 25, 2015 Share Posted February 25, 2015 your server has magic_quotes_gpc on, see this link - http://php.net/manual/en/security.magicquotes.php you either need to turn the setting off, upgrade your php version, or you need to detect if the setting is on in your code and use stripslashes() on the data before you apply your own escaping to the data. Link to comment https://forums.phpfreaks.com/topic/294889-unwanted-backslashes/#findComment-1506690 Share on other sites More sharing options...
cdmafra Posted February 25, 2015 Author Share Posted February 25, 2015 I believe I can't change anything in my server. How should I apply stripslashes() in this code? Link to comment https://forums.phpfreaks.com/topic/294889-unwanted-backslashes/#findComment-1506691 Share on other sites More sharing options...
mac_gyver Posted February 25, 2015 Share Posted February 25, 2015 use the get_magic_quotes_gpc() function in some conditional logic - if (get_magic_quotes_gpc()) { $_POST['categoria'] = stripslashes($_POST['categoria']); // example for one value } if you have a bunch of data values to apply this to, you can use php's array_map() (single dimensional data only) or array_walk_recursive() (multi-dimensional data, requires a user written call-back function) to apply stripslashes() to every element of the $_POST array so that you don't need to write out code for each different post variable. Link to comment https://forums.phpfreaks.com/topic/294889-unwanted-backslashes/#findComment-1506694 Share on other sites More sharing options...
cdmafra Posted February 25, 2015 Author Share Posted February 25, 2015 Thanks. I'm trying to apply get_magic_quotes with my code, but with no result. if (isset($_POST["publish-p"])) { $link = mysqli_connect("connection data") or die("Error " . mysqli_error($link)); $categoria= mysqli_real_escape_string($link, $_POST['categoria']); $categoria2= mysqli_real_escape_string($link, $_POST['categoria2']); $destaque= mysqli_real_escape_string($link, $_POST['destaque']); $publicado= mysqli_real_escape_string($link, $_POST['publicado']); $news_title= mysqli_real_escape_string($link, $_POST['news_title']); $news_slug= mysqli_real_escape_string($link, $_POST['news_slug']. '-' . date('d-m-Y')); $news_subtitle= mysqli_real_escape_string($link, $_POST['news_subtitle']); $news_desc= mysqli_real_escape_string($link, $_POST['news_desc']); $news_post= mysqli_real_escape_string($link, $_POST['news_post']); $news_date= mysqli_real_escape_string($link, $_POST['news_date']); $hour= mysqli_real_escape_string($link, date('H:i')); $news_image= mysqli_real_escape_string($link, $_POST['news_image']); $copyright= mysqli_real_escape_string($link, $_POST['copyright']); if (get_magic_quotes_gpc()) { $_POST['news_post'] = stripslashes($_POST['news_post']); // example for one value } $publish="INSERT INTO news (news_guid, categoria, categoria2, destaque, publicado, news_title, news_slug, news_subtitle, news_desc, news_post, news_date, hour, news_image, copyright) VALUES (uuid(), '$categoria', '$categoria2', '$destaque', '$publicado', '$news_title', '$news_slug', '$news_subtitle', '$news_desc', '$news_post', '$news_date', '$hour', '$news_image', '$copyright')"; mysqli_query($link, $publish) OR DIE(mysql_error()); //mensagem após submeter dados $message = "<script>alert('Notícia publicada!');</script>"; Link to comment https://forums.phpfreaks.com/topic/294889-unwanted-backslashes/#findComment-1506699 Share on other sites More sharing options...
mac_gyver Posted February 25, 2015 Share Posted February 25, 2015 ... you need to detect if the setting is on in your code and use stripslashes() on the data before you apply your own escaping to the data. the stripslashs() code goes before any code you have to escape the data. Link to comment https://forums.phpfreaks.com/topic/294889-unwanted-backslashes/#findComment-1506700 Share on other sites More sharing options...
cdmafra Posted February 25, 2015 Author Share Posted February 25, 2015 Done, thanks! Link to comment https://forums.phpfreaks.com/topic/294889-unwanted-backslashes/#findComment-1506702 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.