Reply to Re: [PHP] php.ini & magic quotes

Your name:

Reply:


Posted by Jochem Maas on 09/30/05 20:08

Jay Blanchard wrote:
> Everyday I scratch my head.....
>
> In php.ini in the C:\WINNT it is said;
>
> ; Magic quotes for incoming GET/POST/Cookie data.
> magic_quotes_gpc = Off
>
> ; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(),
> etc.
> magic_quotes_runtime = Off
>
> In phpinfo() it is said;
>

where does it say it read the ini file from?
is there a .htaccess equivelant setting somewhere
in the ISS server [your new job in a windows shop]
turning magic_quotes_gpc on (for the given 'vhost')?

(I use apache terminology - I trust your savvy
enough to translate them to ISSspeak :-)

> magic_quotes_gpc On On
> magic_quotes_runtime Off Off
>
> [note the disparity]
>
> and get_magic_quotes_gpc() returns a 1 (for 'on')
>
> I am having a helluva time escaping single quotes for use with MSSQL because
> it throws the following error....
>
> SELECT EPC, Owner, Location, Application, Process, Product, Purchased,
> Comments FROM intranet.dbo.CustomerRelations WHERE Purchased = '1990\'\'s'
> ORDER BY EPC DESC
>
> Filter=Purchased&FilterKey=1990\'\'s <--$_SERVER['QUERY_STRING']
>
> 1 <--get_magic_quotes_gpc
>
>
> Warning: odbc_exec(): SQL error: [Microsoft][ODBC SQL Server Driver][SQL
> Server]Line 1: Incorrect syntax near '\'., SQL state 37000 in SQLExecDirect
> in E:\fubar\iamscrewed\windowsblows\index.php on line 51
> [Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near
> '\'.
>
> Slashes are being inserted during the post, but i cannot get them to go

can you so a hack with 'magic_quotes_sybase' ini setting? (turn it on)
see here: http://nl2.php.net/sybase

> away...stripslashes doesn;t work.....can anyone help me get rid of the

what exactly isn't working?
something like this does do it for you?:


/**
* array_stripslashes()
*
* stripsslashes from each value found in the given array,
* and recurses if a value is itself an array.
* this function is used to 'transform' request superglobals into
* 'form' that is consistent regardless of server settings. (magic quotes, etc)
*
* @return array()
*/
function array_stripslashes(&$array) {
if(!is_array($array));
while (list($key) = @each($array)) {
if (is_array($array[$key])) {
array_stripslashes($array[$key]);
} else {
$array[$key] = stripslashes($array[$key]);
}
}
}

/* setup the env the way we like it. */
set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
if (get_magic_quotes_gpc()) { // stripslashes if they were auto added
array_stripslashes( $_POST );
array_stripslashes( $_GET );
array_stripslashes( $_REQUEST );
array_stripslashes( $_COOKIES );
array_stripslashes( $_HTTP_POST_VARS );
array_stripslashes( $_HTTP_GET_VARS );
array_stripslashes( $_HTTP_COOKIES_VARS );
}

> slashes? Or should I just go for a nice motorcycle ride in the Hill Country?

If you have hills I'd say take an mtb. :-) I like mtb'ing - but I live
in a country

>

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация