Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Weird: Slashes getting added

0 views
Skip to first unread message

Eric

unread,
Feb 27, 2006, 4:11:07 PM2/27/06
to
So, I've got this simple test PHP document (at the bottom of this
message). It simply puts up a textarea and then submits the form to
itself. The text of the textarea will be placed in 'body' of the $_POST
array. If the $_POST['body'] variable is set, it outputs what 'body'
contains and if not, it simply outputs 'No body var'.

Ok...like, I said...pretty simple.

Now, when I run this on my local machine, I enter:
we'll
in the textarea and when I submit the form, I get:
we'll


However, when I run this form on my webhost, I enter:
we'll
in the textarea and when I submit the form, I get:
we\'ll

Somehow a slash was added before the tick mark. Is this some
configuration option? Does it have to do with how PHP is configured on
the webhost? Does it have something to do with how Apache is configured
on the webhost? Any idea how the slash got there?

I'm just finding this rather odd and hoping to get an explanation.

If it is easily explained, is the best way to get rid of the extra slash
marks to call stripslashes()?

If you want to see it in action on the webhost, just visit:

http://www.ericgorr.net/slash

<?PHP
echo "<html><head><title>hello</title></head>";
echo "<body bgcolor=#eeeeee>";

if ( isset( $_POST['body'] ) )
{
echo $_POST['body'] . "<br>";
}
else
{
echo "No body var<br>";
}

echo "<form name=ContactPlayers method=post action=\"index.php\">";
echo "<textarea cols=80 name=body rows=12></textarea>";
echo "<br>";
echo "<p><input type=submit name=submit value=Send>";
echo "&nbsp;&nbsp;&nbsp;&nbsp;";
echo "<input type=reset></p>";
echo "</form>";
echo "</body></html>";
?>

Andy Hassall

unread,
Feb 27, 2006, 4:20:15 PM2/27/06
to
On Mon, 27 Feb 2006 21:11:07 GMT, egus...@verizon.net (Eric) wrote:

>However, when I run this form on my webhost, I enter:
> we'll
>in the textarea and when I submit the form, I get:
> we\'ll
>
>Somehow a slash was added before the tick mark. Is this some
>configuration option? Does it have to do with how PHP is configured on
>the webhost? Does it have something to do with how Apache is configured
>on the webhost? Any idea how the slash got there?

It's the misguided PHP configuration option "magic_quotes_gpc".

http://uk2.php.net/manual/en/security.magicquotes.php

This should be Off. Sounds like it's On on your webhost.

If you have permissions, you may be able to disable it in a .htaccess file.

Otherwise you'll have to mess around checking whether it's on or off, and if
it's on, use stripslashes() on the data, which is fairly ridiculous.

--
Andy Hassall :: an...@andyh.co.uk :: http://www.andyh.co.uk
http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool

Eric

unread,
Feb 27, 2006, 4:34:23 PM2/27/06
to
Andy Hassall <an...@andyh.co.uk> wrote:

> On Mon, 27 Feb 2006 21:11:07 GMT, egus...@verizon.net (Eric) wrote:
>
> >However, when I run this form on my webhost, I enter:
> > we'll
> >in the textarea and when I submit the form, I get:
> > we\'ll
> >
> >Somehow a slash was added before the tick mark. Is this some
> >configuration option? Does it have to do with how PHP is configured on
> >the webhost? Does it have something to do with how Apache is configured
> >on the webhost? Any idea how the slash got there?
>
> It's the misguided PHP configuration option "magic_quotes_gpc".
>
> http://uk2.php.net/manual/en/security.magicquotes.php
>
> This should be Off. Sounds like it's On on your webhost.
>
> If you have permissions, you may be able to disable it in a .htaccess file.
>
> Otherwise you'll have to mess around checking whether it's on or off, and if
> it's on, use stripslashes() on the data, which is fairly ridiculous.

Thank you. This was driving me nuts.

Unfortunately, my webhost is rather clueless (I'm switching soon) and
likely won't be interested in modifying their configuration.


Clev...@hotmail.com

unread,
Feb 27, 2006, 7:37:15 PM2/27/06
to
the other thing is that it's just a common way of storing a string,
it's called an escape character and can be used when normal use of a
character would end a string.
for instance:
the text; david said "hello" would need to become "david said
\"hello\"" so that php knew which quotes were the start and end of a
string and which werent... \ is php's signal that the character isnt
what it might seem to be so if you were to use \n it would give you a
line feed, \t is a tab and so on.

You can probably work this to your advantage if you just look it up in
the right reference :)

Erwin Moller

unread,
Feb 28, 2006, 9:24:49 AM2/28/06
to
Eric wrote:


Hi

"magic_quotes_gpc" is turned on in the php.ini.

If you cannot change it, just add above EVERY script of yours:
ini_set("magic_quotes_gpc" , 0);

I took up the habbit of adding a file for every new project that contains a
few ini_sets, and if they fail, I let my app fail too.

It is the easiest way to overrule php.ini if you cannot or wish not to
change php.ini directly.
I think it is important to make such a file because you never know where
your application might end up. (Another ISP, or your current ISP changes
php.ini, etc.)

Remember that not all php.ini values can be overruled, so make sure you
check too if the ini_set() suceeded. (Like using ini_get() to check.)

Regards,
Erwin Moller

eric...@gmail.com

unread,
Feb 28, 2006, 6:14:55 PM2/28/06
to

Erwin Moller wrote:
> I took up the habbit of adding a file for every new project that contains a
> few ini_sets, and if they fail, I let my app fail too.

I would be interested to know what ini_sets you considered to be
important.

Erwin Moller

unread,
Mar 2, 2006, 3:48:23 AM3/2/06
to
eric...@gmail.com wrote:


Hi Eric,

The answer depends on the project.
But here is an example of how I do it.
This is piece of a script that gets included above every other script.

It simple defines the values I want to be sure of during the execution of my
scripts in that certain project.
Of course I could also try to overwrite ALL values in php.ini (that can can
overwritten with ini_set()), but these are the ones I picked.

---------------------------------
$iniSettings = array (
"short_open_tag" => "1",
// always on "track_vars" => "On",
"arg_separator.output" => "&",
"arg_separator.input" => "&",
"register_globals" => "0",

// magic quotes on
"magic_quotes_gpc" => "1",
"magic_quotes_runtime" => "0",
"register_argc_argv" => "1",

// max_execution_time defines the number of seconds a script may run
"max_execution_time" => "45",

// email stuff
"SMTP" => "smtp.xx.com",
"smtp_port" => "25",
// emailfrom not displayed here
"sendmail_from" => "X...@YY.com",

// Includepath!
"include_path" => ".;C:\Inetpub\wwwroot\XXXX\includes",

"default_mimetype" => "text/html",
"default_charset" => "ISO-8859-1",

// errorhandling
"error_reporting" => E_ALL,

// sessions
"session.save_handler" => "user",
"session.use_only_cookies" => "1",
"session.auto_start" => "0"
);


foreach ($iniSettings as $inikey => $inivalue){
ini_set($inikey, $inivalue);
// and test
if (ini_get($inikey) != $inivalue){
echo "UNRECOVERABLE INI-PROBLEM IN ini_settings.php.<br>";
echo "CANNOT SET $inikey to $inivalue.<br><h2>EXITING</h2>";
exit;
}
}

---------------------------------


Regards,
Erwin Moller

0 new messages