ID: 28779 Updated by: [EMAIL PROTECTED] Reported By: john at pearcey dot net -Status: Closed +Status: Bogus Bug Type: HTTP related Operating System: Windows XP 5.1.2600 PHP Version: 4CVS-2004-06-14 (stable) New Comment:
It's still bogus. Previous Comments: ------------------------------------------------------------------------ [2004-06-14 20:57:36] john at pearcey dot net Thanks for your reply - I didn't even think it might be a special reature!! Sorry to have bothered you and thanks for your help. ------------------------------------------------------------------------ [2004-06-14 19:16:51] [EMAIL PROTECTED] The problem you're experiencing is unrelated to the decoding of the post variables. (Which is actually working fine) In your php.ini file you have magic_quote_gpc set to 'on'. When this option is enabled PHP will automatically add backslashes to ' and " characters received via GET, POST, or COOKIE. It's meant to make it trivial to avoid SQL injection attacks, but in practice tends to be more of an annoyance. Either: (A) Turn off magic_quotes_gpc, or (B) Use stripslashes() to remove the effects of M_Q_GPC See Also: http://www.php.net/manual/en/ref.info.php#ini.magic-quotes-gpc http://www.php.net/get_magic_quotes_gpc ------------------------------------------------------------------------ [2004-06-14 18:15:23] john at pearcey dot net Description: ------------ I am using the Java class HttpURLConnection to post variables to a php script and I'm encoding them using URLEncoder (UTF-8). The POST variables do not seem to be decoded correctly when a double or single quote is in the stream. A backslash character is prepended to it making it impossible for me to send for example: select * from MyTable where MyColumn="brill" I end up with select * from MyTable where MyColumn=\"brill\" I have checked the string going to the server and it lookes like this for the example above: select+*+from+MyTable+where+MyColumn%3D%22brill%22 which of course is correct for UTF-8. I have not tested this on Linux. Reproduce code: --------------- HttpURLConnection l_connection = (HttpURLConnection)m_url.openConnection(); l_connection.setDoOutput( true ); String l_postVars = URLEncoder.encode("MySQL", "UTF-8") + "=" + URLEncoder.encode("select * from MyTable where MyColumn=\"brill\"", "UTF-8"); OutputStreamWriter l_os = new OutputStreamWriter( l_connection.getOutputStream() ); l_os.write( l_postVars, 0, l_postVars.length() ); l_os.flush(); PHP code: echo $_POST['MySQL']; Expected result: ---------------- select * from MyTable where MyColumn="brill" Actual result: -------------- select * from MyTable where MyColumn=\"brill\" ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=28779&edit=1
