> > Just curious, but why are you having to stripslashes() on the data coming
> > out of the database? Do you have magic_quotes_runtime enabled on your
> server?
>
>I honestly don't know... all I know is that I'm adding slashes on the
>way into the database, and stripping them on the way out, because
>without them, I was getting errors / slashes everywhere.
>
>It's a shared server at an ISP, so I don't have any real control. i
>seem to be having the same "problem" on my office test server too (where
>I DO have control, but I'm keen to keep both environments as close to
>the same as possible.
Normally the data INSIDE your database should not contain any slashes other
than actual literal slashes. If your data INSIDE does contain slashes,
they were most likely added a second time by mistake. This usually happens
when you have a script that calls addslashes() on data being entered while
at the same time having magic_quotes_gpc enabled. This means that
magic_quotes_gpc performs an implicit addslashes() and your script is
performing a additional, unnecessary addslashes() AGAIN.
Another cause for this issue is that your server has magic_quotes_runtime
enabled. If this setting is enabled, then ANY data from any external
source will have addslashes() performed on it, including data that is
returned from an SQL query.
The first case is, IMHO, an actual problem, and the second case is merely a
nuisance.
In my opinion, is it MUCH easier to code your applications to assume that
NEITHER magic_quotes_gpc or magic_quotes_runtime will be enabled. I've
found it's much less confusing to manually addslashes() when I need to than
to go around stripping them out because too many were added in the first
place. And if you are ever afraid that your script might be used in an
environment that has these settings enabled, you can always explicitly
disable them by:
ini_set("magic_quotes_gpc","off");
ini_set("magic_quotes_runtime","off");
Or if you use Apache and your script directory has an AllowOverride of at
least Options, you can set the following in an .htaccess:
php_flag magic_quotes_gpc off
php_flag magic_quotes_runtime off
Anyway...if you're curious as to which setting your ISP is using you can
create a script that calls phpinfo() and read the output...
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
