[campsite-dev] magic quotes?
  • Hi all,

    I got an email today from Dirk Jan Datema from Radio Netherlands (some of
    you may remember him from SummerCamp 2006), who wrote in regarding magic
    quotes. Here's the relevant part of the email:



    Today I bumped into a PHP problem that can give a lot of problems.
    Since CAMPware writes most code in PHP, I wanted to share this with you
    since it might apply to your code.

    PHP offers a functionality called "Magic Quotes". This functionality will
    automatically add slashes to any submitted HTML form data or cookies.
    It is especially intended for characters like ' " and \ . The function
    can be switched on and off in the configuration file (php.ini).
    Switching the parameter on/off has most likely influence on the PHP that
    needs to be (re)written.
    If the function is on, then you need to strip the slashes when you read back
    the submitted parameters (e.g. with stripslashes())

    Since this option gives messy code (It took me a long time to understand why
    this stripping was needed) since I didn't add additional slashes (e.g. using
    addslashes())
    Furthermore, this option will not be supported anymore from PHP 6.0.0 on.

    If your code is written with Magic Quotes on, then you might have to
    rewrite all code that is related to reading submitted (posted) variables.

    If the internal representation of your variables contains additional
    slashes (instead of adding them where applicable) you also might have to
    rewrite code that

    * generates HTML code from PHP variables
    * generates SQL queries from PHP variables (lacking a call to
    addslashes())
    * generates (Linux) shell commands from PHP variables
    * ...

    You can find more information on:
    http://nl2.php.net/magic_quotes
    http://www.webmasterstop.com/63.html

    I hope you don't use magic quotes, but if you do, you will be in time for a
    redesign.

    With kind regards,

    Dirk Jan Datema
    Radio Netherlands Worldwide



    The question is: Are we using magic quotes? Will this be a problem?

    doug
  • Thank you, I added a task to check this issue in Campsite, although Campsite
    works both ways: with magic quotes on or off.

    Mugur

    On Jan 10, 2008 5:19 PM, wrote:

    > Hi all,
    >
    > I got an email today from Dirk Jan Datema from Radio Netherlands (some of
    > you may remember him from SummerCamp 2006), who wrote in regarding magic
    > quotes. Here's the relevant part of the email:
    >
    >
    >
    > Today I bumped into a PHP problem that can give a lot of problems.
    > Since CAMPware writes most code in PHP, I wanted to share this with you
    > since it might apply to your code.
    >
    > PHP offers a functionality called "Magic Quotes". This functionality will
    > automatically add slashes to any submitted HTML form data or cookies.
    > It is especially intended for characters like ' " and \ . The function
    > can be switched on and off in the configuration file (php.ini).
    > Switching the parameter on/off has most likely influence on the PHP that
    > needs to be (re)written.
    > If the function is on, then you need to strip the slashes when you read back
    > the submitted parameters (e.g. with stripslashes())
    >
    > Since this option gives messy code (It took me a long time to understand why
    > this stripping was needed) since I didn't add additional slashes (e.g. using
    > addslashes())
    > Furthermore, this option will not be supported anymore from PHP 6.0.0 on.
    >
    > If your code is written with Magic Quotes on, then you might have to
    > rewrite all code that is related to reading submitted (posted) variables.
    >
    > If the internal representation of your variables contains additional
    > slashes (instead of adding them where applicable) you also might have to
    > rewrite code that
    >
    > * generates HTML code from PHP variables
    > * generates SQL queries from PHP variables (lacking a call to
    > addslashes())
    > * generates (Linux) shell commands from PHP variables
    > * ...
    >
    > You can find more information on:
    > http://nl2.php.net/magic_quotes
    > http://www.webmasterstop.com/63.html
    >
    > I hope you don't use magic quotes, but if you do, you will be in time for a
    > redesign.
    >
    > With kind regards,
    >
    > Dirk Jan Datema
    > Radio Netherlands Worldwide
    >
    > The question is: Are we using magic quotes? Will this be a problem?
    >
    > doug
    >
    >
    >
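
Added example, not part of the thread and not Campsite code: one way to make PHP code behave the same with magic quotes on or off, as the e-mail above describes, by undoing the added slashes once on input and then escaping separately for each of the HTML, SQL and shell contexts it lists. Function names are hypothetical, the sample input is constructed, and a bound PDO parameter (with the pdo_sqlite extension assumed) is used in place of addslashes().

```php
<?php
// Added example, not Campsite code; function names are hypothetical.

// Recursively undo the slashes that magic quotes add to request data.
function undo_magic_quotes($value)
{
    return is_array($value)
        ? array_map('undo_magic_quotes', $value)
        : stripslashes($value);
}

// True only when the running PHP still has magic quotes and they are on.
function magic_quotes_active()
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Call once at the entry point so all later code sees raw values.
// $quoted overrides detection; it exists only so the demo below is repeatable.
function raw_request(array $input, $quoted = null)
{
    if ($quoted === null) {
        $quoted = magic_quotes_active();
    }
    return $quoted ? undo_magic_quotes($input) : $input;
}

// Constructed sample: the value PHP hands over for a submitted title of
// O'Reilly when magic quotes are on. Real code passes $_POST, $_GET, $_COOKIE.
$post  = raw_request(array('title' => 'O\\\'Reilly'), true);
$title = $post['title'];

// HTML context: escape at output time.
echo '<h1>' . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . "</h1>\n";

// SQL context: bound parameter (assumes the pdo_sqlite extension is loaded).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (title TEXT)');
$stmt = $db->prepare('INSERT INTO articles (title) VALUES (?)');
$stmt->execute(array($title));
echo $db->query('SELECT title FROM articles')->fetchColumn() . "\n";

// Shell context: quote the value as a single argument.
echo 'echo ' . escapeshellarg($title) . "\n";
```

Because the stored value carries no extra slashes, each output path applies only the escaping its own context needs, which is what avoids the doubled backslashes described in the e-mail.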