how to prevent database to add slash to quotes

5

8

I know this sounds really common and trivial, but I am having a challenge here. I have a web site with Zend/Doctrine and I use CKEditor for the backend management. After uploading the site I've realized that during edit testing the look and feel of the site is messed up.

With the help of Firebug, I've seen that there are slashes all over the HTML. After inline edition, the look and feel came back to normal. There are so many files, I can't think of doing other decoding before outputting data from MySQL.

What options do I have to solve this problem? The site is up already and I feel a bit uncomfortable about this. Can anyone give a hint? Thanks.

Cornetcy answered 20/6, 2012 at 1:12 Comment(1)
secret ninja magic quotes fighting is php < 5.4 style. – Isogloss
4

I thank everyone for the help. Really, the accepted solution should be the one from @Stanislav Palatnik; it just didn't work with my .htaccess. The hosting server was nice enough to put a php.ini in my public_html, allowing me to change it. So +1 to @Stanislav Palatnik because he pointed out the issue. I also found interesting information I thought I would share in case someone found himself in my situation.

Info from: http://support.godaddy.com/groups/web-hosting/forum/topic/how-to-turn-off-magic_quotes_gpc/
Yes – the solution below worked for me:

(1) First of all do not try to turn off the magic quotes in your .htaccess file, it won’t work on godaddy.
(2) Second, if you’re running PHP5 on your account, rename your php.ini file to php5.ini, make sure it’s in your root folder.
(3) Third, make sure all the lines in your php5.ini file end in a semicolon ;
(4) Fourth, add this line to your php5.ini file:
magic_quotes_gpc = Off;

On the same page someone said it shouldn't be magic_quotes_gpc only but other ones as well, as shown below:

magic_quotes_gpc = Off;
magic_quotes_runtime = Off;
magic_quotes_sybase = Off;

Hope this helped someone. Special thanks to @Stanislav Palatnik

Cornetcy answered 21/6, 2012 at 9:27 Comment(1)
No, really, this is the right answer on a shared host server (like GoDaddy). Works like a charm! – Endocranium
9

It might be magic_quotes_gpc. Can you verify that it's turned off?

Here is a way to turn it off: http://php.net/manual/en/security.magicquotes.disabling.php

Sets the magic_quotes state for GPC (Get/Post/Cookie) operations. When magic_quotes are on, all ' (single-quote), " (double quote), \ (backslash) and NUL's are escaped with a backslash automatically.

Also, are you using prepared statements? PHP PDO/MySQLI will escape automatically for you. Depends on the type of queries you're using.

Seaton answered 20/6, 2012 at 1:17 Comment(1)
Hello. Very kind to respond this promptly. Unfortunately, adding it in .htaccess internal server. Any Zend gurus here? It is possible to add it the application.ini? – Cornetcy
5

It seems like your data is getting double escaped before being inserted into your database. Are you using mysql_real_escape_string or addslashes before inserting data into the database? If so, maybe you want to use stripslashes before you insert your data like so:

mysql_real_escape_string(stripslashes($data));

Or else you could theoretically call stripslashes after you take the data out of the database:

stripslashes($data);

The second approach is less desirable, though. It would be better to have the data properly stored in the database.

Morphology answered 20/6, 2012 at 1:27 Comment(0)
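
The double escaping discussed in the answers above, as an added example that is not part of any post on this page: `addslashes()` stands in for `magic_quotes_gpc` (which no longer exists in current PHP), the markup string and table are constructed, and an in-memory SQLite database via `pdo_sqlite` replaces the site's MySQL. It shows that a bound parameter is stored byte for byte, so backslashes added before the script ran end up in the row unless they are stripped first or magic quotes is off.

```php
<?php
// Added illustration; requires the pdo_sqlite extension.
// addslashes() applies the same escaping that magic_quotes_gpc applied to
// $_GET/$_POST/$_COOKIE before the script ran (PHP < 5.4).

// Constructed sample of editor output containing both quote types.
$submitted = '<a href="/news" title="Today\'s news">News</a>';
$magicQuoted = addslashes($submitted); // what $_POST would hold with magic quotes on

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE page (id INTEGER PRIMARY KEY, label TEXT, body TEXT)');
$insert = $pdo->prepare('INSERT INTO page (label, body) VALUES (?, ?)');

// The same submission under the three conditions the answers describe.
$cases = [
    'magic quotes on, bound as received'    => $magicQuoted,
    'magic quotes on, stripslashes() first' => stripslashes($magicQuoted),
    'magic quotes off'                      => $submitted,
];
foreach ($cases as $label => $body) {
    // Parameter binding keeps the value out of the SQL text; it does not
    // remove backslashes that were already added to the value.
    $insert->execute([$label, $body]);
}

// Compare what was stored with what the editor actually sent.
foreach ($pdo->query('SELECT label, body FROM page ORDER BY id') as $row) {
    $state = ($row['body'] === $submitted) ? 'intact ' : 'MANGLED';
    printf("%-38s %s  %s\n", $row['label'], $state, $row['body']);
}
```

Only the first row comes back with backslashes in the markup, which is the symptom described in the question.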
2

In case this is a magic quotes problem and, as I recall, you only have access to your application.ini, you might add the following and give it a try:

phpSettings.magic_quotes_gpc = 0
phpSettings.magic_quotes_runtime = 0

This still requires your user / usergroup to be allowed to change default php settings ;)

Anticipation answered 20/6, 2012 at 5:11 Comment(0)
0
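<?php
// Undo magic_quotes_gpc at runtime (only relevant on PHP < 5.4).
// function_exists() keeps the file loadable on PHP 8, where
// get_magic_quotes_gpc() was removed.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
    // $process grows while it is walked, so nested arrays are handled
    // without recursion.
    while (list($key, $val) = each($process)) {
        foreach ($val as $k => $v) {
            unset($process[$key][$k]);
            if (is_array($v)) {
                // Re-key with the unescaped name and queue the nested array.
                $process[$key][stripslashes($k)] = $v;
                $process[] = &$process[$key][stripslashes($k)];
            } else {
                $process[$key][stripslashes($k)] = stripslashes($v);
            }
        }
    }
    unset($process);
}
?>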

Add this to your PHP page which has the insert/update query :)

Gewgaw answered 13/6, 2015 at 7:11 Comment(0)
