When setting up a site, you should:
A/ write a page with only the function 'phpinfo()' on it.
B/ Call the page phpinfo.php, and put it in your document root.
C/ Now tell us the location of your site so we can all view all your security information :-)
<wink> do only A above and see if you have 'magic_quoutes_gpc' on, then delete the page:
http://us4.php.net/manual/en/ref.info.php#ini.magic-quotes-gpc
or, you can just do a loop on your GET/POST/COOKIE variables after testing if magic quotes is on using:
'get_magic_quotes_gpc()' to see if you need to strip them off.
if( get_magic_quotes_gpc() ){ reset $_GET; | while (list($key, $value) = each ($_GET)) { $_GET[$key]= stripslashes($value); } | reset $_POST; | while (list($key, $value) = each ($_POST)) { $_POST[$key]= stripslashes($value); } | reset $_COOKIE; | while (list($key, $value) = each ($_COOKIE)) { $_COOKIE[$key]= stripslashes($value); } ||}|
Magic quotes is to prepare input for databases.
It **MAY** be possible to turn it off **BEFORE** the slashes get added in your '.htaccess' file using:
php_value magic_quotes_gpc 0 php_value magic_quotes_sybase 0
"Hull, Douglas D" <[EMAIL PROTECTED]> wrote: <quote -----------------------------------------------------> As John H told me (which is true) I should run my words through htmlentities. I have a textarea in a form for individuals to type in a list of words. From there I place these words in an array and then perform calculations and echo the words back out with the resulting calculations. But if one enters: w' my word ends up w\' I have tried using htmlentities in my array and other places (to take the slash out) but to no avail. Here is what I tried when putting my words in my array:
$zchrpos = 0; $tok = strtok($zwords, " \r"); while ($tok !== FALSE) { $toks[] = htmlentities(trim($tok)); $tok = strtok(" \r"); $zchrpos++; }
Any help would be appreciated, Doug </quote ----------------------------------------------------->
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php