Weird: Slashes getting added

Re: Weird: Slashes getting added

On Mon, 27 Feb 2006 21:11:07 GMT, egusenet@verizo n.net (Eric) wrote:
[color=blue]
>However, when I run this form on my webhost, I enter:
> we'll
>in the textarea and when I submit the form, I get:
> we\'ll
>
>Somehow a slash was added before the tick mark. Is this some
>configuratio n option? Does it have to do with how PHP is configured on
>the webhost? Does it have something to do with how Apache is configured
>on the webhost? Any idea how the slash got there?[/color]

It's the misguided PHP configuration option "magic_quotes_g pc".



This should be Off. Sounds like it's On on your webhost.

If you have permissions, you may be able to disable it in a .htaccess file.

Otherwise you'll have to mess around checking whether it's on or off, and if
it's on, use stripslashes() on the data, which is fairly ridiculous.

--
Andy Hassall :: andy@andyh.co.u k :: http://www.andyh.co.uk
http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool

Re: Weird: Slashes getting added

Andy Hassall <andy@andyh.co. uk> wrote:
[color=blue]
> On Mon, 27 Feb 2006 21:11:07 GMT, egusenet@verizo n.net (Eric) wrote:
>[color=green]
> >However, when I run this form on my webhost, I enter:
> > we'll
> >in the textarea and when I submit the form, I get:
> > we\'ll
> >
> >Somehow a slash was added before the tick mark. Is this some
> >configuratio n option? Does it have to do with how PHP is configured on
> >the webhost? Does it have something to do with how Apache is configured
> >on the webhost? Any idea how the slash got there?[/color]
>
> It's the misguided PHP configuration option "magic_quotes_g pc".
>
> http://uk2.php.net/manual/en/security.magicquotes.php
>
> This should be Off. Sounds like it's On on your webhost.
>
> If you have permissions, you may be able to disable it in a .htaccess file.
>
> Otherwise you'll have to mess around checking whether it's on or off, and if
> it's on, use stripslashes() on the data, which is fairly ridiculous.[/color]

Thank you. This was driving me nuts.

Unfortunately, my webhost is rather clueless (I'm switching soon) and
likely won't be interested in modifying their configuration.

Re: Weird: Slashes getting added

the other thing is that it's just a common way of storing a string,
it's called an escape character and can be used when normal use of a
character would end a string.
for instance:
the text; david said "hello" would need to become "david said
\"hello\"" so that php knew which quotes were the start and end of a
string and which werent... \ is php's signal that the character isnt
what it might seem to be so if you were to use \n it would give you a
line feed, \t is a tab and so on.

You can probably work this to your advantage if you just look it up in
the right reference :)

Re: Weird: Slashes getting added

Eric wrote:
[color=blue]
> So, I've got this simple test PHP document (at the bottom of this
> message). It simply puts up a textarea and then submits the form to
> itself. The text of the textarea will be placed in 'body' of the $_POST
> array. If the $_POST['body'] variable is set, it outputs what 'body'
> contains and if not, it simply outputs 'No body var'.
>
> Ok...like, I said...pretty simple.
>
> Now, when I run this on my local machine, I enter:
> we'll
> in the textarea and when I submit the form, I get:
> we'll
>
>
> However, when I run this form on my webhost, I enter:
> we'll
> in the textarea and when I submit the form, I get:
> we\'ll
>
> Somehow a slash was added before the tick mark. Is this some
> configuration option? Does it have to do with how PHP is configured on
> the webhost? Does it have something to do with how Apache is configured
> on the webhost? Any idea how the slash got there?
>
> I'm just finding this rather odd and hoping to get an explanation.
>
> If it is easily explained, is the best way to get rid of the extra slash
> marks to call stripslashes()?
>
> If you want to see it in action on the webhost, just visit:
>
> http://www.ericgorr.net/slash
>
> <?PHP
> echo "<html><head><t itle>hello</title></head>";
> echo "<body bgcolor=#eeeeee >";
>
> if ( isset( $_POST['body'] ) )
> {
> echo $_POST['body'] . "<br>";
> }
> else
> {
> echo "No body var<br>";
> }
>
> echo "<form name=ContactPla yers method=post action=\"index. php\">";
> echo "<textarea cols=80 name=body rows=12></textarea>";
> echo "<br>";
> echo "<p><input type=submit name=submit value=Send>";
> echo "&nbsp;&nbsp;&n bsp;&nbsp;";
> echo "<input type=reset></p>";
> echo "</form>";
> echo "</body></html>";
> ?>[/color]


Hi

"magic_quotes_g pc" is turned on in the php.ini.

If you cannot change it, just add above EVERY script of yours:
ini_set("magic_ quotes_gpc" , 0);

I took up the habbit of adding a file for every new project that contains a
few ini_sets, and if they fail, I let my app fail too.

It is the easiest way to overrule php.ini if you cannot or wish not to
change php.ini directly.
I think it is important to make such a file because you never know where
your application might end up. (Another ISP, or your current ISP changes
php.ini, etc.)

Remember that not all php.ini values can be overruled, so make sure you
check too if the ini_set() suceeded. (Like using ini_get() to check.)

Regards,
Erwin Moller

Re: Weird: Slashes getting added


Erwin Moller wrote:[color=blue]
> I took up the habbit of adding a file for every new project that contains a
> few ini_sets, and if they fail, I let my app fail too.[/color]

I would be interested to know what ini_sets you considered to be
important.

Re: Weird: Slashes getting added

ericgorr@gmail. com wrote:
[color=blue]
>
> Erwin Moller wrote:[color=green]
>> I took up the habbit of adding a file for every new project that contains
>> a few ini_sets, and if they fail, I let my app fail too.[/color]
>
> I would be interested to know what ini_sets you considered to be
> important.[/color]


Hi Eric,

The answer depends on the project.
But here is an example of how I do it.
This is piece of a script that gets included above every other script.

It simple defines the values I want to be sure of during the execution of my
scripts in that certain project.
Of course I could also try to overwrite ALL values in php.ini (that can can
overwritten with ini_set()), but these are the ones I picked.

---------------------------------
$iniSettings = array (
"short_open_tag " => "1",
// always on "track_vars " => "On",
"arg_separator. output" => "&",
"arg_separator. input" => "&",
"register_globa ls" => "0",

// magic quotes on
"magic_quotes_g pc" => "1",
"magic_quotes_r untime" => "0",
"register_argc_ argv" => "1",

// max_execution_t ime defines the number of seconds a script may run
"max_execution_ time" => "45",

// email stuff
"SMTP" => "smtp.xx.co m",
"smtp_port" => "25",
// emailfrom not displayed here
"sendmail_f rom" => "XX@YY.com" ,

// Includepath!
"include_pa th" => ".;C:\Inetpub\w wwroot\XXXX\inc ludes",

"default_mimety pe" => "text/html",
"default_charse t" => "ISO-8859-1",

// errorhandling
"error_reportin g" => E_ALL,

// sessions
"session.save_h andler" => "user",
"session.use_on ly_cookies" => "1",
"session.auto_s tart" => "0"
);


foreach ($iniSettings as $inikey => $inivalue){
ini_set($inikey , $inivalue);
// and test
if (ini_get($inike y) != $inivalue){
echo "UNRECOVERA BLE INI-PROBLEM IN ini_settings.ph p.<br>";
echo "CANNOT SET $inikey to $inivalue.<br>< h2>EXITING</h2>";
exit;
}
}

---------------------------------


Regards,
Erwin Moller