ansaurus

Question

Answer 1

+2 A:

Magic Quotes http://php.net/manual/en/security.magicquotes.php

When on, all ' (single-quote), " (double quote), \ (backslash) and NULL characters are escaped with a backslash automatically. This is identical to what addslashes() does.

Disabling:

Example #1 Disabling magic quotes server side

An example that sets the value of these directives to Off in php.ini. For additional details, read the manual section titled How to change configuration settings.

; Magic quotes
;

; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off

; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off

; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off

If access to the server configuration is unavailable, use of .htaccess is also an option. For example: php_flag magic_quotes_gpc Off

Mike B 2010-09-08 22:58:10

Although PHP was compiled with `--enable-magic-quotes` on the new server both `magic_quotes_gpc` and `magic_quotes_runtime` are off?!

Abs 2010-09-08 22:59:31

@Abs What is the result of `echo ini_get('magic_quotes_gpc');` after being placed and run in one of your scripts where you're seeing this behavior?

Mike B 2010-09-08 23:00:34

@Mike - this is even stranger - I can't get a return on that! An empty string or a blank space is what I see. I have edited that same script to sow phpinfo and it says that directive is off. Oh wait, thats fine since its set to off - it won't show anything, right?

Abs 2010-09-08 23:08:42

Answer 2

+1 A:

better use: var_dump(ini_get('magic_quotes_gpc'));

this will result in: string(1) "1" if enabled, or string(0) "" if disabled.

im suspecting you'll get the first option displayed in your script so you'd probably want to include this:

php_value magic_quotes_gpc off
php_value magic_quotes_runtime off

in a .htaccess file. Assuming your host allows override by .htaccess this should be fine.

Amelia 2010-09-08 23:30:05

I get `string(0) ""` returned! I am pretty sure magic quotes is off. Plus does magic quotes effect what is returned from the database and printed? I thought it was on for global request variables?

Abs 2010-09-09 00:04:48

it's off. So that can't be it. Did you move your database aswell? And if so, could it be during copying those escapes got inserted? As in, are those backslashes now stored in your db?

Amelia 2010-09-09 00:16:53

@Amelia - good question. Investigating.

Abs 2010-09-09 09:57:55

@Amelia - can you update your answer, you were spot on in your comments that the slashes were actually in my DB! I did transfer my DB over, I have no idea why mysql would do that automatically! Thank you very much for your help! :)

Abs 2010-09-09 23:26:02

That probably happened either by the script you used to export the database and/or import to its new location. My bet would be you used 'CSV using LOAD DATA' to import your data without removing the default escape character '\' in the corresponding field.

Amelia 2010-09-20 16:30:53

ansaurus

tags:

views:

answers:

What directive is causing this?

related questions