[RESOLVED] backslashes

justins

My server runs php5.3, so magic quotes is deprecated.

So why, then, when I pass text containing an escape character from one page to another are backslashes added?

//page 1

<form id="form1" method="post" action="page2.php">
Enter text here
<input type="text" name="text" id="text" />
<input type="submit" name="button" id="button" value="Submit" />
</form>

//enter text (including quotes) "hello" and submit

//page 2

<?
$text = $_POST["text"];

echo "Text entered: $text";
?>

//result:

Text entered: \"hello\"

bradgrafelman

justins;10998966 wrote:
My server runs php5.3, so magic quotes is deprecated.

Magic quotes are deprecated regardless of which version of PHP your server is running. 😉

justins;10998966 wrote:
So why, then, when I pass text containing an escape character from one page to another are backslashes added?

Probably because magic quotes are enabled.

Bonesnap

Deprecated doesn't mean gone. It just means you shouldn't use.

Derokorian

Upgrade to php 5.4 and magic quotes have been removed completely!

Bonesnap

Somewhat related: As of WordPress 3.0, slashes are added to the $POST, $GET, and $COOKIE variables regardless of the settings in php.ini. Very frustrating, to say the least. They also force the $REQUEST variable to only be a combination of $POST and $GET.

In the wp-settings.php file the following function call has to be commented out to avoid this:

// Add magic quotes and set up $_REQUEST ( $_GET + $_POST )
wp_magic_quotes();

EDIT: The wp_magic_quotes() function also adds slashes to the $_SERVER superglobal as well.

justins

bradgrafelman;10998968 wrote:
Magic quotes are deprecated regardless of which version of PHP your server is running. 😉

Probably because magic quotes are enabled.

um...There isn't any php.ini in that directory and I had assumed that therefore php would use the default settings for that version and that they would be magic_quotes: off. Seems this is not so - will get on to my ISP

bradgrafelman

Do a [man]phpinfo/man and you can find out:

The location (if any) of the default php.ini file that was parsed
The location (if any) of any per-user .ini file that was parsed
The local default value of magic_quotes_gpc
The master default value of magic_quotes_gpc

Note that I did say "probably" because we don't know for sure whether or not the magic quotes feature is the culprit; you'll need to look at a phpinfo() readout and figure out the above information in order to confirm this.

justins

magic_quotes was on by default in the master php.ini file. ISP have no changed it to off on my request...