I got an email today from Dirk Jan Datema from Radio Netherlands (some of
you may remember him from SummerCamp 2006), who wrote in regarding magic
quotes. Here's the relevant part of the email:

Today I bumped into a PHP problem that can give a lot of problems.
Since CAMPware writes most code in PHP, I wanted to share this with you
since it might apply to your code.

PHP offers a functionality called "Magic Quotes". This functionality will
automatically add slashes to any submitted HTML form data or cookies.
It is especially intended for characters like ' " and \ . The function
can be switched on and off in the configuration file (php.ini).
Switching the parameter on/off has most likely influence on the PHP that
needs to be (re)written.
If the function is on, then you need to strip the slashes when you read back
the submitted parameters (e.g. with stripslashes())

Since this option gives messy code (It took me a long time to understand why
this stripping was needed) since I didn't add additional slashes (e.g. using
addslashes())
Furthermore, this option will not be supported anymore from PHP 6.0.0 on.

If your code is written with Magic Quotes on, then you might have to
rewrite all code that is related to reading submitted (posted) variables.

If the internal representation of your variables contains additional
slashes (instead of adding them where applicable) you also might have to
rewrite code that

* generates HTML code from PHP variables
* generates SQL queries from PHP variables (lacking a call to
  addslashes())
* generates (Linux) shell commands from PHP variables
* ...

Thank you, I added a task to check this issue in Campsite, although Campsite
works both ways: with magic quotes on or off.
Mugur

On Jan 10, 2008 5:19 PM, wrote:
> Hi all,
>
> I got an email today from Dirk Jan Datema from Radio Netherlands (some of
> you may remember him from SummerCamp 2006), who wrote in regarding magic
> quotes. Here's the relevant part of the email:
>
>
>
> Today I bumped into a PHP problem that can give a lot of problems.
> Since CAMPware writes most code in PHP, I wanted to share this with you
> since it might apply to your code.
>
> PHP offers a functionality called "Magic Quotes". This functionality will
> automatically add slashes to any submitted HTML form data or cookies.
> It is especially intended for characters like ' " and \ . The function
> can be switched on and off in the configuration file (php.ini).
> Switching the parameter on/off has most likely influence on the PHP that
> needs to be (re)written.
> If the function is on, then you need to strip the slashes when you
> read back the submitted parameters (e.g. with stripslashes())
>
> Since this option gives messy code (It took me a long time to understand
> why this stripping was needed) since I didn't add additional slashes
> (e.g. using addslashes())
> Furthermore, this option will not be supported anymore from PHP 6.0.0 on.
>
> If your code is written with Magic Quotes on, then you might have to
> rewrite all code that is related to reading submitted (posted) variables.
>
> If the internal representation of your variables contains additional
> slashes (instead of adding them where applicable) you also might have to
> rewrite code that
>
> * generates HTML code from PHP variables
> * generates SQL queries from PHP variables (lacking a call to
> addslashes())
> * generates (Linux) shell commands from PHP variables
> * ...
>
> You can find more information on:
> http://nl2.php.net/magic_quotes
> http://www.webmasterstop.com/63.html
>
> I hope you don't use magic quotes, but if you do, you will be in time for
> a redesign.
>
> With kind regards,
>
> Dirk Jan Datema
> Radio Netherlands Worldwide
>
>
>
> The question is: Are we using magic quotes? Will this be a problem?
>
> doug
>
>
>
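
The point raised in this thread, code that behaves the same with magic quotes on or off, as an added example that is not part of the original messages and is not Campsite code: bring submitted data back to its raw form once at input, then escape it for each output context. The helper names (`undo_magic_quotes`, `magic_quotes_active`, `raw_input`) and the sample values are hypothetical.

```php
<?php
// Added illustration; helper names and sample values are hypothetical.

// Strip magic-quotes escaping recursively (form fields may be nested arrays).
function undo_magic_quotes($value)
{
    if (is_array($value)) {
        return array_map('undo_magic_quotes', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

// True only where the setting still exists and is switched on. The
// function_exists() guard keeps this working on PHP versions without it.
function magic_quotes_active()
{
    return function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
}

// Return submitted data in raw form, whatever php.ini says.
function raw_input(array $submitted, $quotesActive)
{
    return $quotesActive ? undo_magic_quotes($submitted) : $submitted;
}

// Constructed sample: the same form submission as PHP would deliver it
// with magic quotes on and with magic quotes off.
$quotesOn  = array('name' => 'O\\\'Brien', 'tags' => array('say \\"hi\\"'));
$quotesOff = array('name' => 'O\'Brien',   'tags' => array('say "hi"'));

$a = raw_input($quotesOn, true);
$b = raw_input($quotesOff, false);
echo ($a === $b) ? "same raw data\n" : "MISMATCH\n";

// Real code would call: raw_input($_POST, magic_quotes_active())
// The raw value is then escaped once, for the context it is written into.
$name = $a['name'];
echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), "\n";     // HTML output
echo 'grep -F -- ' . escapeshellarg($name) . " names.txt\n"; // shell command
// SQL: pass $name as a bound parameter of a prepared statement (PDO/mysqli)
// rather than relying on slashes added at input time.
```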