Solved

Escaping (') and (") with magic_quotes_gpc on

Posted on 2008-06-10
Last Modified: 2013-12-13
Server configuration

Directive               Local Value    Master Value
magic_quotes_gpc        On             On
magic_quotes_runtime    Off            Off
magic_quotes_sybase     Off            Off

Commercial hosting cannot touch php.ini

Problem: I need to carry data posted by the user over 4 different pages; on the fifth page an SQL query inserts the data. At this point I'm using hidden fields in the form, so basically the user fills in a form and goes to the next page, where the information is displayed along with some other fields. The information displayed is also in the new form as hidden values, and then we go to the next page, and so on.

This works all right until somebody uses ("); then whatever is after the first one is cut off. I tried mysql_real_escape_string, addslashes, stripslashes, etc. and I cannot get it right.

Any advice would be greatly appreciated.
Question by:gamebits
Accepted Solution

by:
yerfdoggy earned 500 total points
ID: 21757269
You could try using this function at the beginning of each script you are passing the POST vars into. It resolves the confusion of magic_quotes_on == true/false. Use it like this:

$arrCleanPost = cleanup($_POST);

Thereafter, in each script, use $arrCleanPost instead of $_POST. All slashes will have been removed, so at least you know where you are starting from.

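/**
 * FUNCTION: cleanup
 * puts data into standard form irrespective of php.ini magic_quotes_gpc on/off
 **/
function cleanup($arrDirtyData)
{
    $arrCleanData = array();
    if (get_magic_quotes_gpc())
    {
        // magic_quotes_gpc is on: PHP has already added slashes, so strip them
        foreach ($arrDirtyData as $key=>$value)
        {
            if (is_string($value))
                $arrCleanData[$key] = stripslashes($value);
            elseif (is_array($value))
                // nested fields (name[]) are escaped too, so clean them recursively
                $arrCleanData[$key] = cleanup($value);
            else
                $arrCleanData[$key] = $value;
        }
    }
    else
    {
        // magic_quotes_gpc is off: copy the values unchanged
        foreach ($arrDirtyData as $key=>$value)
        {
            $arrCleanData[$key] = $value;
        }
    }
    return $arrCleanData;
}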
Author Comment

by:gamebits
ID: 21778160
Thank you for your reply, yerfdoggy. Although your solution works, I found another way to do what I want; for future reference, here is what I do.

The first time I'm using the posted data, I clean up the data by using stripslashes and then I save the data in a session. If on a subsequent page I need to display the data, I just echo the session variable. When I'm ready to insert the data in the database, I use the mysql_real_escape_string() function to sanitize the data in the session prior to sending it to the database.

The data will be saved in the db with all the quotation marks escaped as well as the newline and return characters.

To display the data from the db I use nl2br() function.
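
An added example (not code from the thread) of encoding the same posted value for each place it ends up: the hidden field whose value was being cut at the first double quote, the displayed text, and the insert query. It assumes a current PHP with PDO and the SQLite driver, and it uses a bound parameter in place of mysql_real_escape_string(), which was removed in PHP 7. The sample value, table name and field name are constructed for illustration.

```php
<?php
// Added example, not from the thread. The input is constructed; the table
// and field names are hypothetical.

// Raw value as it looks once the slashes added by magic_quotes_gpc are stripped.
$comment = "He said \"it's 5 o'clock\"\nand left <b>early</b>";

// 1. HTML attribute context (hidden field). Without encoding, the first "
//    closes value="..." and the browser drops the rest of the string.
function hidden_field(string $name, string $value): string
{
    return sprintf('<input type="hidden" name="%s" value="%s">',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8'));
}

// 2. HTML body context: encode first, then turn newlines into <br>.
function display_text(string $value): string
{
    return nl2br(htmlspecialchars($value, ENT_QUOTES, 'UTF-8'));
}

// 3. SQL context: a bound parameter keeps the data apart from the query text,
//    so no manual escaping is needed and the value is stored exactly as typed.
function store_comment(PDO $db, string $value): string
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $value]);
    return $db->query('SELECT body FROM comments ORDER BY id DESC LIMIT 1')
              ->fetchColumn();
}

// In-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

echo hidden_field('comment', $comment), "\n";   // quotes become &quot; and &#039;
echo display_text($comment), "\n";              // <b> is shown as text, newline as <br>
var_dump(store_comment($db, $comment) === $comment);   // value round-trips unchanged
```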