It's called "magic quotes".
delnan
2010-08-19 19:01:52
Doh! I didn't think of that. I hate when the simple things get by me. +1
cdburgess
2010-08-19 19:04:16
Wow I clearly didn't take my coffee this morning... There's even problems in my example's work.
2010-08-19 19:12:03
+1
A:
You can and should disable magic quotes.
prefered mode
set them off in php.ini
.htaccess mode
add this to your htaccess file
php_flag magic_quotes_gpc off
php5 runtime mode
<?php
if (get_magic_quotes_gpc()) {
function stripslashes_gpc(&$value)
{
$value = stripslashes($value);
}
array_walk_recursive($_GET, 'stripslashes_gpc');
array_walk_recursive($_POST, 'stripslashes_gpc');
array_walk_recursive($_COOKIE, 'stripslashes_gpc');
array_walk_recursive($_REQUEST, 'stripslashes_gpc');
}
?>
php4 runtime mode
<?php
if (get_magic_quotes_gpc()) {
$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
while (list($key, $val) = each($process)) {
foreach ($val as $k => $v) {
unset($process[$key][$k]);
if (is_array($v)) {
$process[$key][stripslashes($k)] = $v;
$process[] = &$process[$key][stripslashes($k)];
} else {
$process[$key][stripslashes($k)] = stripslashes($v);
}
}
}
unset($process);
}
?>
Welcome to the magic_quotes hatter's club! :)
Frankie
2010-08-19 19:07:40
A:
You probably have magic quotes turned on. This automatically escapes GET, POST and COOKIE data. Magic quotes is bad and should not be relied upon to properly escape data.
If you have access to php.ini, you can turn magic quotes off.
If you don't, you can run stripslashes on the data to remove the slashes. In order to make your code portable, you should first check get_magic_quotes_gpc() to see if it is turned on and only then run stripslashes. In this way, if you move your code to a server that has magic quotes turned off, your code will still work.
if(get_magic_quotes_gpc()) {
$a = stripslashes($_GET["var"]);
}
else $a = $_GET["var"];
Rupert
2010-08-19 19:09:39