Turn off Magic Quotes

[Mordax Praetorian]

Is there any way to turn off that ridiculously annoying Magic Quotes thing from within the code?

 

It is neither apropriate to have /"s in my text and nor it is apropriate to remove all of the slashes from it, and I honestly don't think the quotes are anywhere where they're causing a problem

 

What IS the purpose of Magic Quotes anyway?

[awpti]

ini_set('magic_quotes_gpc', 'Off');

[StormTheGates]

Magic quotes sanitize all data inputs. It allows lazy coders to just enable it and not have to worry about mysql injection.

[Mordax Praetorian]

Argh! They're still there!

 

The programme is reading data from a Textarea, this is where the Quotes come from, when they're outputted (creation of a new HTML file) they're all refixed with /s

 

Even when that line is the first thing in the php tag

 

whats going on?

[StormTheGates]

Might depend on your hoster, I think that some do not allow the INI to be changed from within the code.

 

If you really dont want them then you can use stripslashes();

[awpti]

Magic quotes sanitize all data inputs. It allows lazy coders to just enable it and not have to worry about mysql injection.

 

magic quotes doesn't stop SQL injection.

[Mordax Praetorian]

That sounds about right, they don't allow php to upload files either (this whole exercise is a way around that)

 

Unfortunatly, I know there will be times when I need /s to appear in the text

 

I think at the moment my best option is to use str_replace() to change /' and /" to " and ', however thats just asking for either I or one of my staff members to need to put one of those 2 character combinations in a page

[awpti]

Better solution is to get a new host that doesn't have magic_quotes_gpc enabled or, at least, allows you to disable magic_quotes_gpc

[StormTheGates]

Magic quotes sanitize all data inputs. It allows lazy coders to just enable it and not have to worry about mysql injection.

 

magic quotes doesn't stop SQL injection.

 

Aright well not completely, but it does help, essentially addslashes() to every GET POST and COOKIE

[redarrow]

if you sanitize the insert of code from the beging you shouldnt get any problams........

 

 

Sets the magic_quotes state for GPC (Get/Post/Cookie) operations. When magic_quotes are on, all ' (single-quote), " (double quote), \ (backslash) and NUL's are escaped with a backslash automatically.

[StormTheGates]

Try this:

 

$set = 1000;
$set = set_magic_quotes_runtime  (0);
echo "$set";

 

And report back what it says.

[Mordax Praetorian]

...it says 1

 

what does that mean?

[redarrow]

 

use

 

$example=strip_string(stripslashes($_POST['example']));

 

when posting info to the database then

 

 

[StormTheGates]

Means its on, and couldnt be set otherwise.

 

Unless Ive got it all wrong, I am watching Waterworld right now so I am kind of distracted.

[redarrow]

1 on and 0 off correct.........

[Mordax Praetorian]

There is no database, the quotes go from a form, to the php, and are then saved to a html file

 

I don't have any sort of database at all, which is also really irritating, but I've managed to work around it so far

 

I'll go with the str_replace() solution for now, if anyone needs to use /' or /" in their text they can complain at me and I'll add it manualy

[redarrow]

get a better free host that profetic we are in 2008

[awpti]

Hell, I'll host your site for free

[Mordax Praetorian]

nah, when I change hosts it'll be to a payed one, and only then if the site actualy gets off the ground

 

the problem with free hosts is that they aren't dependable, I've been on a good many in the past, and I've had ones that post offensive ads on your site, ones that distort your site with ads and don't offer any solution, ones that actualy go in and play with your code

 

There was even one I was on which ran out of badwidth half way through a month, and no, I don't mean I ran out of bandwidth, I mean the web hosting service ran out of bandwidth

 

Right now, I have a part of a payed hosting account that I got free as a gift, and although its far from perfect (which is why I'll change if the site works), its still far better than anywhere else I've been

 

I don't really need a database for the sort of thing I'm using php for, the quote thing is somewhat workable, and I know the server has reliable uptime and gives me reliable access to my files, given all of that and the fact that I'm only a few days away from absolutly needing to launch the site, I think I'm better off staying where I am now

[awpti]

I run my hosting off of my own VPS provided by my job.

 

Reboot my box about, oh.. once every 3 months.

 

I don't mess with HTTP Streams. I, naturally, have no limit on bandwidth. mwuahaha.

[Mordax Praetorian]

This actualy sounds rather tempting

 

whats the catch?

[PFMaBiSmAd]

Here is the 411 on magic quotes (all information taken from the php manual.)

 

When magic_quotes_gpc is on, it causes get/post/cookie data to be escaped, even if you don't want or need the data to be escaped (never mind that for database input you need to remove the escapes put there by magic quotes and use mysql_real_escape_string() to escape all the special characters that can break a query.)

 

magic_quotes_gpc cannot be set in the script. It can only be set in php.ini, httpd.conf (assuming you have access to httpd.conf but not php.ini), a .htaccess file (when php is running as an Apache module), or a local php.ini (when available and when php is running as a CGI wrapper.)

 

When magic_quotes_runtime is on, data you read from a file or a database is escaped. So if you removed the escapes from get/post data and wrote it to a file and you still have the escapes when you read and display the file contents, it is likely due to magic_quotes_runtime.

 

magic_quotes_runtime can be set in the script (or any of the places already mentioned for magic_quotes_gpc.)

 

All of the magic quotes have been eliminated in php6, so code that is testing for them being on and removing the escapes using a stripslashs() or similar function will still work, but there will be no escapes present in the data to remove.

 

Code that is dependent on magic quotes being on to escape data that is inserted into a database, will suddenly stop working in php6 when there are special characters in the data, because the queries will be broken and generate a syntax error.

 

Magic quotes were yet another lazy way short cut of getting the programming language to do something that the programmer should have been doing and only when he wanted it to be done, that has caused more wasted time and code to detect and work around then they were worth. Good riddance.

[awpti]

This actualy sounds rather tempting

 

whats the catch?

 

A link back to my own site. (awpti.org)

 

I'll be shifting everything off to a fully dedicated server in a few months, but that'll be an invisible process.

[Mordax Praetorian]

sounds like a deal to me

 

I just can't deal with these quote things where I am in a way that won't screw me over later

 

How soon can this be arranged?

[awpti]

PM me and I'll get everything setup on my end for you.

 

Just send me the domain name and a username you want to use for FTP. I'll setup a password for you and send it off to you (you'll be able to change it).

 

After that, it'll just be a question of switching DNS on your site (I'll probably have you point it @ ns1.geeklan.com and ns2.geeklan.com