Re: [php-list] _POST

Sat, 20 Oct 2007 17:58:03 -0700 

----- Original Message ----- 
From: "costasb5"

Hi fellow php'ers,

I am developing a page and i have the following problem:

In a form, i have a textarea element called "elem". When someone types
in there the string

I've gone

and submits, then:
1. in my local, Easyphp implementation,
   print $_POST['elem'];
   correctly produces
   I've gone

2. in my live implemention with a web hosting company:
   print $_POST['elem'];
   produces the altered
   I\'ve gone

(watch the backslash). Is there any way that I can get rid of that
extra backslash? It gets stored in the database, displayed everywhere,
just can't make it go away. I've tried htmlentities to filter the
$_POST['elem'], doesn't work.

Anyone hjas seen this problem before? Easyphp does it right, as
expected. Why does my web hosting company mess it up?

Thank you in advance,
Costas
-----------------------------
Hi Costas,
               This is the result of a php config setting "magic_quotes_gpc" 
that cannot be changed at run time.

You can do as someone else said and use stripslashes() on the output and it 
will work on your server but it will not work on other servers that have a 
different "magic_quotes_gpc" setting.

The best way is to use one of the following. The example I have shows _POST 
but the same applies to _GET.

If you want an output that consistently does NOT have slashes then do this -

if(get_magic_quotes_gpc())
  {
  foreach($_POST as $key => $value)
    {
    $_POST[$key] = stripslashes($value);
    }
  }

OR If you want an output that consistently does have slashes then do this -

if(!get_magic_quotes_gpc())
  {
  foreach($_POST as $key => $value)
    {
    $_POST[$key] = addslashes($value);
    }
  }

The same applies to the GET method and cookies etc.

Here is some code I found on php.net -

<?php
if (get_magic_quotes_gpc()) {
    function stripslashes_array($array) {
        return is_array($array) ? array_map('stripslashes_array', $array) : 
stripslashes($array);
    }

    $_COOKIE = stripslashes_array($_COOKIE);
    $_FILES = stripslashes_array($_FILES);
    $_GET = stripslashes_array($_GET);
    $_POST = stripslashes_array($_POST);
    $_REQUEST = stripslashes_array($_REQUEST);
}
?>

I would use the above but without _FILES OR _COOKIE. _FILES should never 
have slashes added and _COOKIE values should never need to have slashes 
added.

Thanks, Rob.

Reply via email to