I got an email today from Dirk Jan Datema from Radio Netherlands (some of
you may remember him from SummerCamp 2006), who wrote in regarding magic
quotes. Here's the relevant part of the email:
Today I bumped into a PHP problem that can give a lot of problems.
Since CAMPware writes most code in PHP, I wanted to share this with you
since it might apply to your code.
PHP offers a functionality called "Magic Quotes". This functionality will
automatically add slashes to any submitted HTML form data or cookies.
It is especially intended for characters like ' " and \ . The function
can be switched on and off in the configuration file (php.ini).
Switching the parameter on/off has most likely influence on the PHP that
needs to be (re)written.
If the function is on, then you need to strip the slashes when you read back
the submitted parameters (e.g. with stripslashes()).
Since this option gives messy code (It took me a long time to understand why
this stripping was needed) since I didn't add additional slashes (e.g. using
addslashes()).
Furthermore, this option will not be supported anymore from PHP 6.0.0 on.
If your code is written with Magic Quotes on, then you might have to
rewrite all code that is related to reading submitted (posted) variables.
If the internal representation of your variables contains additional
slashes (instead of adding them where applicable) you also might have to
rewrite code that
* generates HTML code from PHP variables
* generates SQL queries from PHP variables (lacking a call to
addslashes())
* generates (Linux) shell commands from PHP variables
* ...
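
The three code paths listed at the end of the email, shown here as an added example that is not part of Dirk Jan's message or of the Campware code base: submitted data is normalised to its raw form once, and escaping is applied where the HTML, the shell command or the SQL query is built. The helper names, the sample value, the `authors` table and the `authors.txt` file are assumptions made for illustration.

```php
<?php
// Added example (not from the email). All sample values are constructed.

// Recursively remove the slashes that magic_quotes_gpc adds to form data.
function strip_magic_quotes($value)
{
    if (is_array($value)) {
        return array_map('strip_magic_quotes', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

// Hypothetical helper a request handler would call as raw_input($_POST):
// strips only when this PHP build still has magic quotes and it is on.
function raw_input(array $submitted)
{
    $on = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
    return $on ? strip_magic_quotes($submitted) : $submitted;
}

// Constructed sample: a form field as it arrives with magic quotes ON.
// strip_magic_quotes() is called directly so the demo runs with the
// setting off as well.
$quoted = array('name' => 'O\\\'Brien \\"Jr\\"');
$clean  = strip_magic_quotes($quoted);
$name   = $clean['name'];

// HTML output: escape at the point of output.
echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), "\n";

// Shell command: quote the argument when the command line is built.
echo 'grep -F -- ' . escapeshellarg($name) . ' authors.txt', "\n";

// SQL: bind the raw value as a parameter (needs the pdo_sqlite extension).
if (extension_loaded('pdo_sqlite')) {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE authors (name TEXT)');
    $db->prepare('INSERT INTO authors (name) VALUES (?)')->execute(array($name));
    echo $db->query('SELECT name FROM authors')->fetchColumn(), "\n";
}
```

Because the variable holds the raw value, each output path applies exactly one layer of escaping, whatever the php.ini setting is.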