Posted by amygdala on 05/31/07 03:24

"Jerry Stuckle" <jstucklex@attglobal.net> schreef in bericht
news:-_idnfwLEb02kMjbnZ2dnUVZ_hSdnZ2d@comcast.com...
> semi_evil@inbox.com wrote:
>> On May 23, 12:38 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>>> semi_e...@inbox.com wrote:
>>>> Hi,
>>
>>>> If either field contains backslashes, they are duplicated when the
>>>> form reloads.
>>>> Each successive form submission \ becomes \\, \\\\, \\\\\\\\ etc etc
>>>> Why does this happen and how do I fix the variables to show the
>>>> original data each time?
>>
>>> Semi,
>>>
>>> You probably have magic_quotes_gpc on in your php.ini file. If so, turn
>>> it off (it defaults to on); it's not good to have.
>>>
>>> If this is your hosting company, the first thing I'd recommend is
>>> changing hosting companies. There's no good reason (IMHO) why they
>>> should be running with it on nowadays.
>>>
>>> If it is your host and you can't change, to get rid of them, use
>>> stripslashes(). And if you test to see if magic quotes is on, your code
>>> will be more transportable, i.e.
>>>
>>> if (get_magic_quotes_gpc())
>>> $body = stripslashes($_POST['body']);
>>>
>>> Jerry Stuckle
>>
>> It is my local setup and php.ini was pretty much as shipped with the
>> rpm. I've changed magic_quotes_gpc to Off and now it works. But I
>> checked and noticed my isp also has it enabled so that would have made
>> no difference this time.
>>
>> I read the documentation, and I understand what it does and why it's
>> more of a hindrance than a security aid. I'll work around it using the
>> test function if required for the time being and inform my ISP they
>> should switch it off. (Also read PHP6 probably won't even sport a
>> similar setting.)
>>
>> Thanks Jerry for your complete and friendly reply, I nearly went
>> bonkers over this issue.
>>
>> Cheers,
>> Semi
>>
>
> NP, Semi.
>
> And one other thing - if your hosting company doesn't know enough to
> change it, it's time to change hosting companies. If they're that
> clueless about magic_quotes_gpc, who knows what serious security problems
> they might leave open?
>

Bit off a late response perhaps, but if your host allows it you could also
set:

php_flag magic_quotes_gpc off

in your .htaccess in your websites root folder. No further measurements
(stripslashes) necessary then.
Still Jerry's points are good points to consider.

• Next in forum: PHP Setup
• Prev in forum: Re: Sending a mail through exchange server
• Thread view: Re: Form field value containing backslash

[Reply to this message]