Geek Answers Handbook

How to prevent the addition of a slash database

I know this sounds very common and so trivial, but I have a problem here. I have a website with Zend / Doctrine and I use ckeditor to manage the backend. after loading the site, I realized that while editing testing, the appearance of the site was messed up.

using firebug, I saw that there are slashes in html. after the integrated edition, the appearance returned to normal. There are so many files, I cannot think of another decoding before outputting data from mysql.

What options should I solve this problem. the site has already ended, and I feel a little uncomfortable with this. Can someone tell me? thanks

+7
source share
5 answers

I thank everyone for their help. Indeed, the decision made should be what @Stanislav Palatnik had. just that it did not work with my .htaccess. The hosting server was good enough to put php.ini in its public_html, which allowed me to change it. So, +1 to @Stanislav Palatnik, because he pointed out the problem. I also found interesting information that I thought I would share if someone was in my situation.

info from: http://support.godaddy.com/groups/web-hosting/forum/topic/how-to-turn-off-magic_quotes_gpc/ Yes – the solution below worked for me: (1) First of all do not try to turn off the magic quotes in your .htaccess file, it won't work on godaddy. (2) Second, if you're running PHP5 on your account, rename your php.ini file to php5.ini, make sure it's in your root folder. (3) Third, make sure all the lines in your php5.ini file end in a semi colon ; (4) Fourth, add this line to your php5.ini file: magic_quotes_gpc = Off;

on the same page, someone said that this is not only magic_quotes_gpc, but also others, as shown below:

 magic_quotes_gpc = Off; magic_quotes_runtime = Off; magic_quotes_sybase = Off;

Hope this helped someone. Special thanks to @Stanislav Palatnik

+4
source

It could be magic_quotes_gpc . Can you check that it is turned off?

Here is a way to disable it: http://php.net/manual/en/security.magicquotes.disabling.php

Sets the magic_quotes state for GPC operations (Get / Post / Cookie). When magic_quotes is enabled, all '(single quote), "(double quote), \ (backslash), and NUL are automatically reset using a backslash.

Also, do you use prepared statements? PHP PDO / MySQLI will automatically work for you. Depends on the type of queries you are using.

+9
source

It seems that you are getting double evacuation before inserting into your database. Do you mysql_real_escape_string or addslashes before inserting data into the database? If so, you might want to use stripslashes before inserting your data as follows:

 mysql_real_escape_string(stripslashes($data));

Or you could theoretically call stripslashes after you retrieve the data from the database:

 stripslashes($data);

The second approach is less desirable. It would be better if the data were correctly stored in the database.

+5
source

If this is a magic quote, and as I recall, you have access to your application.ini, you can add the following and try to try

 phpSettings.magic_quotes_gpc = 0 phpSettings.magic_quotes_runtime = 0

This still requires your user / user group to allow changing php default settings;)

+2
source 
  <?php if (get_magic_quotes_gpc()) { $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST); while (list($key, $val) = each($process)) { foreach ($val as $k => $v) { unset($process[$key][$k]); if (is_array($v)) { $process[$key][stripslashes($k)] = $v; $process[] = &$process[$key][stripslashes($k)]; } else { $process[$key][stripslashes($k)] = stripslashes($v); } } } unset($process);} ?>

add this to your php page asking for insert / update :)

0
source

More articles:


All Articles