Yup, what Mykeul said. PHP doesn't add slashes to *any* POST data, it
adds it to any post data *if and only if* the magi_quotes_gpc settings
is present and flagged to true. Therefore, I suggest code at the top of
the program (probably in main.inc?) that runs through the POST and GET
variables and strips slashes only if magic_quotes is turned on.
Alternatively, we could add slashes if magic_quotes is not turned on and
then strip them at output.
There are several examples of code that do just that here:
http://us3.php.net/manual/en/function.get-magic-quotes-gpc.php
Dean Jones wrote:
Unless it's something I don't know about... However, PHP add's slashes to quote to any POST data. That's why PHP has a built in function called stripslashes and addslashes. You're supposed to run stripslashes on any POST data that is to be displayed, really...
On Fri, 17 Feb 2006 16:36:55 +0100, Mykeul <[EMAIL PROTECTED]> wrote:
It is the magic_quotes problem, isnt it ?
On 2/17/06, Dean Jones <[EMAIL PROTECTED]> wrote:
Umm... That's silly. They're definitely needed. Try sending an e-mail
and put quotes around something or use a single quote. The message ends
up
like this:
He said \"Hi\"
and
Wouldn\'t you like to know.
Using stripslashes removes those uneccessary escape slashes around
quotes.
It's absolutely needed.
On Fri, 17 Feb 2006 10:08:41 +0100, Håkan Lindqvist
<[EMAIL PROTECTED]>
wrote:
I don't understand why it should be necessary to use stripslashes in
the
first place. The slashes shouldn't be there in the first place, except
in SQL queries.
To me it seems that stripslashes isn't what we're looking for.
/Håkan
On tor, 2006-02-16 at 22:47 -0500, Dean Jones wrote:
Look like someone forgot to use stripslashes on the subject and body
of
the
messages... :)
Is there a standard for checking in patches if you have access to
CVS?
I've
fixed this, but I wanted to check and see what the procedure was for
checking
in small fixes like this.
Dean
