Entry
AddSlashes keeps being run automatically. What's happening?
Why are the apostrophes and quotes in my form data always doubled up?
How do I stop my multi page form elements from looking like this: foobar\\\\\\\\'s?
Feb 25th, 2002 23:56
Philip Olson, Nathan Wallace, Ben Udall,
PHP can be set up to _run_ addslashes() automagically on every Get Post
and Cookie variable that it imports. This is determined by the value of
the magic_quotes_gpc directive/setting in your php.ini file. See:
magic_quotes_gpc
http://www.php.net/manual/en/configuration.php#ini.magic-quotes-gpc
The slashes are needed when you are inserting information into a
database. For human consumption you can use the stripslashes() function
to remove slashes from these variables. See the following PHP manual pages:
stripslashes()
http://www.php.net/stripslashes
addslashes()
http://www.php.net/addslashes
Also note that get_magic_quotes_gpc() exists:
get_magic_quotes_gpc()
http://www.php.net/get_magic_quotes_gpc
A fairly common problem is for people to use addslashes() on already
magically quoted data so doing this escapes the previous escapes, which
causes bogus amounts of \\\ everywhere! Don't do that! :) To
demonstrate, see the following:
$data = "I'm having fun";
$data = addslashes($data);
print $data; // I\'m having fun
$data = stripslashes($data);
print $data; // I'm having fun
$data = addslashes($data);
print $data; // I\'m having fun
$data = addslashes($data);
print $data; // I\\\'m having fun
$data = addslashes($data);
print $data; // I\\\\\\\'m having fun
$data = stripslashes($data);
print $data; // I\\\'m having fun
Also notice the magic_quotes_sybase directive, which is described here:
http://www.php.net/manual/en/configuration.php#ini.magic-quotes-sybase
The default for magic_quotes_gpc is On. Also it's worth mentioning that
magic_quotes_runtime does NOT affect magic_quotes_gpc, they are totally
different directives. magic_quotes_gpc cannot be set within a script,
using .htaccess is as close as you'll get.
