rain13 Posted August 18, 2013 Share Posted August 18, 2013 Hello. I tried to POST '" On my localhost $_POST['test'] shows '" unescaped string exactly as it is On other host that had some old PHP and possibly different configuration as well $_POST['test'] shows '" which as you can see is escaped.Does anyone know what php setting specify wether to escape POST (and possibly GET too?) by default or not? Or what other characters get escaped?I did not call any functions by myself. It's escaped by host PHP itself. My software is coded to work with unescaped $_POST and escaping chars by PHP itself causes it display garbage string in posts since.Is there way to disable this auto escaping by server? Or is there way to detect if it's on? Because if I write function that would unescape whole POST array then on servers that doesn't escape POST data by default it would cause data loss. Link to comment Share on other sites More sharing options...
Mudsaf Posted August 18, 2013 Share Posted August 18, 2013 Your php.ini file prob have magic_quotes enabled. Edit your php.ini and disable it. magic_quotes_gpc = Off Link to comment Share on other sites More sharing options...
rain13 Posted August 19, 2013 Author Share Posted August 19, 2013 Thanks. Link to comment Share on other sites More sharing options...
justsomeguy Posted August 19, 2013 Share Posted August 19, 2013 You can use get_magic_quotes_gpc to detect if it is enabled, and use stripslashes on get, post, and cookie data if so. A function like this will get input from either $_GET or $_POST and strip slashes if necessary: function form_var($var, $default = ''){ $retval = $default; if (isset($_POST[$var])) $retval = $_POST[$var]; elseif (isset($_GET[$var])) $retval = $_GET[$var]; if (is_array($retval)) { foreach ($retval as $k => $v) { $retval[$k] = trim($v); if (get_magic_quotes_gpc()) $retval[$k] = stripslashes($v); } } else { $retval = trim($retval); if (get_magic_quotes_gpc()) $retval = stripslashes($retval); } return $retval;} Link to comment Share on other sites More sharing options...
rain13 Posted August 19, 2013 Author Share Posted August 19, 2013 Nice example, however I used one from php.net that patched GET,POST,COOKIE arrays. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now