At 10:57 AM 12/13/2001 -0500, Asendorf, John wrote:
>OK, maybe I'm just off my rocker or have something set incorrectly or
>something, but...
>
>What's the deal with magic quotes?
>
>You turn it on, and it automatically performs the addslashes for data being
>entered into databases, right? But it doesn't automatically run
>stripslashes when you retrieve the data. Is this accurate or am I doing
>something wrong?

It is accurate. There is no need to stripslashes for data coming back out of the database, normally. The slashes are used to escape special characters (such as the single quote) in query strings, but those slashes don't actually go inside the database. In other words, if you have:

    INSERT INTO table VALUES ('Mike\'s query')

...the data is entered as:

    Mike's query

The slash is never actually put inside. So when you retrieve the data, it comes out as "Mike's query".

Now this is all true assuming you don't have "magic_quotes_runtime" turned on in your PHP.INI. While "magic_quotes_gpc" automatically escapes data that is a result of a GET, POST, or cookies, "magic_quotes_runtime" escapes ANY external data, INCLUDING data you get from databases. In that case, you would need to manually use stripslashes() on data that you want to display.

Another possibility is that you have a program designed for a "magic_quotes_gpc" setting of 0, and you have it set to 1. The program is manually escaping the strings already, and then the server is doing it again a SECOND time. In such an environment you'd end up getting something like:

    INSERT INTO table VALUES ('Mike\\\'s query')

...and the data WOULD be entered as:

    Mike\'s query

This is just my opinion only, but it was exactly issues like these that caused me to turn OFF magic_quotes_gpc. In my opinion this setting causes more headaches than it's worth. I wish that php.ini-dist didn't have it enabled by default. I suppose that's what I get for not using php.ini-optimized.

The problem with shutting this setting off is that some scripts require it. The biggest example of this is phpMyAdmin. In this case what I do is create an .htaccess file that sets the option selectively for certain directories. The contents are like:

    php_flag magic_quotes_gpc on

This requires your AllowOverride directive to be set to "Options" in your httpd.conf. I wouldn't know how to achieve this same per-directory configuration on a machine running IIS.
Maybe an IIS/PHP guru reading this can chime in.
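
The single- and double-escaping cases described in the message above, as an added example that is not part of the original post. It assumes a current PHP, where the magic_quotes_gpc setting no longer exists, so the setting is simulated with a boolean; `received`, `stored` and `normalize` are hypothetical helper names, and stripslashes() stands in for the database's handling of backslash escapes in a quoted literal.

```php
<?php
// Added example: models the escaping cases from the message above.
// magic_quotes_gpc is simulated by a boolean parameter (assumption),
// so this runs on PHP versions that no longer have the setting.

// What the script receives for a request value under a given setting.
function received(string $raw, bool $magicQuotesGpc): string
{
    return $magicQuotesGpc ? addslashes($raw) : $raw;
}

// What a MySQL-style parser stores for the body of a quoted literal:
// the backslash escapes are consumed. stripslashes() approximates this
// for quotes and backslashes only.
function stored(string $literalBody): string
{
    return stripslashes($literalBody);
}

// Hypothetical helper: undo the server's escaping once, so that the
// application escapes exactly once itself whatever the setting is.
function normalize(string $value, bool $magicQuotesGpc): string
{
    return $magicQuotesGpc ? stripslashes($value) : $value;
}

$raw = "Mike's query"; // constructed sample input

foreach ([false, true] as $gpc) {
    $in = received($raw, $gpc);

    // Script written for magic_quotes_gpc = 0: always escapes by hand.
    $naive = addslashes($in);
    // The same script after normalizing its input first.
    $fixed = addslashes(normalize($in, $gpc));

    printf("magic_quotes_gpc=%d\n", (int) $gpc);
    printf("  naive literal: '%s' -> stored: %s\n", $naive, stored($naive));
    printf("  fixed literal: '%s' -> stored: %s\n", $fixed, stored($fixed));
}
```

With the simulated setting on, the naive path produces the doubled literal and the stray backslash in the stored value, while the normalized path stores the text unchanged under either setting.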