views:

109

answers:

1

Hi guys, I'm using the Zend framework here - I've noticed that for some reason the information is automatically escaped when it goes into the database - it doesn't do so on my localhost but it escapes automatically on my host. And when data is retrieved its not unescaped so something like 'Chris O'Donnel' goes in as Christ O\' Donnel and comes out the same way?

How can I control this?

+2  A: 

Probably the magic_quotes_gpc option is enabled. It can't be changed at runtime, so you need to get it fixed in the PHP configuration on server.

Lukáš Lalinský
If thats the case so.. is there a workaround for that which I can do in code? asides unescaping everything I retrieve from the database
Ali
If you want to work it around, unescape things *before* you put them into the database (see get_magic_quotes_gpc() for whether it's enabled or not).
Lukáš Lalinský
I believe magic quotes can be disabled using htaccess (assuming you are using Apache and mod_php), so this would be the simplest solution. Add:php_flag magic_quotes_gpc offto the .htaccess file in your public directory.
Tim Fountain
Would this be anyway a security hazard or so? The though just crossed my mind btw...
Ali
Disabling magic_quotes_gpc? No. I'd say having code that depends on magic_quotes_gpc being enabled is a much larger problem.
Lukáš Lalinský