views:

104

answers:

2

I am using Doctrine ORM for php and Zend MVC. I have a mysql database. When I insert into the database it is escaping quotes. In other-words when I enter

<input name="customer_name" value="Test'ed user"> ...

into my form, and assign to a doctrine object and save.

When I look at the database through the mysql command line I get

Test\'ed user

Is there a way to disable this or do I have to call stripslashes() on each variable?

+2  A: 

Check for magic_quotes_gpc being enabled, either by looking at php.ini or running get_magic_quotes_gpc().

If you have access to php.ini, then turn it off. Otherwise you'll need to remove the slashes in your scripts using stripslashes().

Ben James
So simple. Haven't used a server with that enabled in so long I forgot about that one! THANKS
Byron Whitlock
+1  A: 

You can avoid the magic_quotes_gpc plague altogether by adding something like this to the top of your pages:

if(get_magic_quotes_gpc()) {
    if(!function_exists('stripishlashes_all')) {
        function stripslashes_all(&$data) {
            foreach($data as &$_value) {
                if(is_array($_value)) {
                    stripslashes_all($_value);
                }
                else {
                    $_value = stripslashes($_value);
                }
            }
        }
    }
    stripslashes_all($_REQUEST);
}

Very useful when your code is running on a server you don't have complete control over, or if you plan to distribute it.

Atli
Be careful, this will not work if $_REQUEST contains arrays!
Ben James
Good point, Ben. I've updated the code to fix that.
Atli
Nice trick. Thanks.
Byron Whitlock