[PHP] Re: Kill Magic Quotes

2008-08-07 Thread Roger Bigras 

you may try the

ini_set('magic_quotes_gpc',0);

note, this line should be the first line of code.
also make sure that that your php opener is the first line in your script.

1. ?PHP
2. ini_set('magic_quotes_gpc',0);
3. # the rest of your script

The following won't work
1.
2. ?PHP
3. ini_set('magic_quotes_gpc',0);
4. # the rest of your script

Also a heads up for all readers,
Warning
This feature is DEPRECATED and REMOVED as of PHP 6.0.0. Relying on this 
feature is highly discouraged


in php 6 the quotes will not be magically added.


Dave M G wrote:

PHP List,

I am developing a web site that is hosted on a web server where I do not 
have permission to change the php.ini file.


This server has magic quotes turned on. I'd like them off.

I wrote two functions to detect when magic quotes is on, and to try and 
counter act its effects. But it does not seem to be working. It seems to 
have no effect, and I get slashes showing up in all sorts of output 
where I don't want them. Not only in data put into the database, but 
also emails sent to from the site contact page and other places.


Here are the functions I created. Where have I gone wrong?

 public static function removeSlashes($string)
 {
  // Check if Magic Quotes is turned on.
  if (get_magic_quotes_gpc())
  {
// Remove escape slashes.
return stripslashes($string);
  }
  // Return a string that has no escape slashes.
  return $string;
 }

 public static function restoreSlashes($string)
 {
  // Check if Magic Quotes is turned on.
  if (get_magic_quotes_gpc())
  {
// Add escape slashes.
return addslashes($string);
  }
  // Return a string that has escape slashes.
  return $string;
}

Any advice much appreciated.



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Kill Magic Quotes

2008-08-07 Thread Chris 

Roger Bigras wrote:

you may try the

ini_set('magic_quotes_gpc',0);


RTM.

http://www.php.net/get_magic_quotes_gpc

It cannot be enabled/disabled at run time. It has to either be done in a 
.htaccess or through apache/php.ini changes.


See this page for how to disable it:

http://www.php.net/manual/en/security.magicquotes.disabling.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Kill Magic Quotes

2008-08-07 Thread viraj 
On Fri, Aug 8, 2008 at 9:05 AM, Chris [EMAIL PROTECTED] wrote:
 http://www.php.net/get_magic_quotes_gpc

 It cannot be enabled/disabled at run time. It has to either be done in a
 .htaccess or through apache/php.ini changes.

afaik, turning off/on 'magic_quotes_sybase' is a workaround.

it overrides the 'magic_quotes_gpc' and can be manipulated through ini_set

php.net says
 magic_quotes_sybaseIf enabled, a single-quote is escaped with a
single-quote instead of a backslash. If on, it completely overrides
magic_quotes_gpc. Having both directives enabled means only single
quotes are escaped as ''. Double quotes, backslashes and NULL's will
remain untouched and unescaped.   See also ini_get() for retrieving
its value.
/php.net says


~viraj


 See this page for how to disable it:

 http://www.php.net/manual/en/security.magicquotes.disabling.php

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Kill Magic Quotes

2008-08-07 Thread Ross McKay 
Dave M G wrote:
I am developing a web site that is hosted on a web server where I do not 
have permission to change the php.ini file.

This server has magic quotes turned on. I'd like them off.

I wrote two functions to detect when magic quotes is on, and to try and 
counter act its effects. But it does not seem to be working. It seems to 
have no effect, and I get slashes showing up in all sorts of output 
where I don't want them. Not only in data put into the database, but 
also emails sent to from the site contact page and other places.

Perhaps you also need to disable magic_quotes_runtime:

  set_magic_quotes_runtime(0);  // just call it once per page

Are you sure you actually call your removeSlashes() function?

Why do you think you need your restoreSlashes() function? (NB: not
sufficient for MySQL statements, and not applicable for some other
databases)

Roger Bigras wrote:
you may try the

ini_set('magic_quotes_gpc',0);

That won't work:

http://au.php.net/manual/en/function.get-magic-quotes-gpc.php

Keep in mind that the setting magic_quotes_gpc will not work at
runtime.
-- 
Ross McKay, Toronto, NSW Australia
Let the laddie play wi the knife - he'll learn
- The Wee Book of Calvin

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php