On Wed, Sep 15, 2004 at 10:04:11PM +1000, Voytek wrote: > I've inherited a small php contents management systems, basically, it all > works fine, except, when you're editing text that contains characters such > as as an apostrophy in "at's.", it's written to the database as "at\'s.", > and, displays incorrectly. > if I bring it up for an re-edit, it now shows as:"at\\\'s."
And then you save it back and it'll be "at\\\\\\\'s", and before you know it your entire article is backslashes... <grin> The problem is that PHP has a few rather annoying nanny features in it. I presume that the information you're writing to the database is coming from an external source, such as $_POST or $_GET (or their non-superglobal equivalents). If so, you're falling foul of the "magic_quotes_gpc" setting in PHP. Basically, it works by automatically escaping anything that might look a touch shady, like single quotes (in fact, I think it's basically only single-quotes, but you get the drift). Turning this off is a lovely start, as is putting something in the very, very top of your code to check if magic_quotes_gpc is set and running stripslashes over everything in $_POST before doing anything else. Alternately you could stop running mysql_quote() (or equivalent) before you store in the database, but then when magic_quotes_gpc gets turned off (or they finally see the register_globals light and get the hell rid of it entirely) you'll be leaving yourself open to SQL injection attacks. Make sense? If not, let me know and I'll try explaining it better when it's *not* midnight... - Matt
signature.asc
Description: Digital signature
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
