I am using Doctrine ORM for php and Zend MVC. I have a mysql database. When I insert into the database it is escaping quotes. In other-words when I enter
<input name="customer_name" value="Test'ed user"> ...
into my form, and assign to a doctrine object and save.
When I look at the database through the mysql command line I get
Test\'ed user
Is there a way to disable this or do I have to call stripslashes() on each variable?
Check for magic_quotes_gpc being enabled, either by looking at php.ini or running get_magic_quotes_gpc().
If you have access to php.ini, then turn it off. Otherwise you'll need to remove the slashes in your scripts using stripslashes().
You can avoid the magic_quotes_gpc plague altogether by adding something like this to the top of your pages:
if(get_magic_quotes_gpc()) {
if(!function_exists('stripishlashes_all')) {
function stripslashes_all(&$data) {
foreach($data as &$_value) {
if(is_array($_value)) {
stripslashes_all($_value);
}
else {
$_value = stripslashes($_value);
}
}
}
}
stripslashes_all($_REQUEST);
}
Very useful when your code is running on a server you don't have complete control over, or if you plan to distribute it.