Forum
Unwanted slash on input
Remco
26 February 2009, 21:29
Hi,
I hope someone is able before march 4th.
I've the following configuration:
The problem is: every input by $_POST is being slashed.
Every
' becomes \'
\ becomes \\
" becomes \"
Why is this? How can I disable it???
Many Thanks!
Remco
I hope someone is able before march 4th.
I've the following configuration:
VirtualHost {
PreventSQLi = no
WebsiteRoot = /srv/www/htdocs/mysitename/httpdocs
Hostname = www.mysitename.nl
AccessLogfile = /srv/www/htdocs/mysitename/log/acces.log
ErrorLogfile = /srv/www/htdocs/mysitename/log/error.log
StartFile = index.php
UseToolkit = simplerewrite
ExecuteCGI = yes
FastCGI = PHP5
TimeForCGI = 60
PreventXSS = no
SecureURL = false
}The problem is: every input by $_POST is being slashed.
Every
' becomes \'
\ becomes \\
" becomes \"
Why is this? How can I disable it???
Many Thanks!
Remco
Hugo Leisink
1 March 2009, 23:22
It's a PHP setting. Set gpc_magic_quotes in php.ini to 'No'.
Remco
2 March 2009, 16:38
Thanks for your reply. In my php.ini file I find this setting:
magic_quotes_gpc = Off
I believe this is correct and shouldn't mess up things.
I use OpenSuse and I've no apache installed (should not make any difference ).
How can I asure it's PHP's messing up things? When I had apache installed, i had no problems at all...
I'm 100% sure that the slashes are not added by a PHP Function in the script.
magic_quotes_gpc = Off
I believe this is correct and shouldn't mess up things.
h# find / -name php.ini
/etc/php5/cli/php.ini
/etc/php5/fastcgi/php.ini
# cat /etc/php5/fastcgi/php.ini | grep magic
; - magic_quotes_gpc = Off [Performance]
magic_quotes_gpc = Off
magic_quotes_runtime = Off
; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off
I use OpenSuse and I've no apache installed (should not make any difference ).
How can I asure it's PHP's messing up things? When I had apache installed, i had no problems at all...
I'm 100% sure that the slashes are not added by a PHP Function in the script.
Joris
4 March 2009, 23:05
I dont know a solution, but I know a temporary solution.
if(get_magic_quotes_gpc()){
echo stripslashes($_POST['message']);
}else{
echo $_POST['message'];
}
Hugo Leisink
5 March 2009, 02:08
Hiawatha only adds slashes when PreventSQLi is set to 'yes'. If it's not, it must be PHP which adds the slashes. Have you tried restarting the PHP FastCGI daemon?
Remco
5 March 2009, 15:31
Hi... I'm a dumb person...
In my hiwatha fastcgi configfile I did not include the php.ini
This was because of a strange thing. When I've had the php.ini included, php did not just show the output, but also a large part of the phpcode itself. Offcourse that's not what I wanted, so I disabled it.
Now, I've enabled it, and I've no slash-problem anymore. However, the code on my screen problem still remains. Is there a php.ini option for that? (When I use my old Apache config it did not show the code, and I had no slash-bug, but other things were not working correctly).
I know it's not an hiawatha issue, but I hope you've the knowledge to safe me a lot of trouble and time.
In my hiwatha fastcgi configfile I did not include the php.ini
This was because of a strange thing. When I've had the php.ini included, php did not just show the output, but also a large part of the phpcode itself. Offcourse that's not what I wanted, so I disabled it.
Now, I've enabled it, and I've no slash-problem anymore. However, the code on my screen problem still remains. Is there a php.ini option for that? (When I use my old Apache config it did not show the code, and I had no slash-bug, but other things were not working correctly).
I know it's not an hiawatha issue, but I hope you've the knowledge to safe me a lot of trouble and time.
Hugo Leisink
5 March 2009, 16:09
Do you start your scripts with '<?' instead of '<?php'? If so, you need to set 'short_open_tag' to 'On'. Otherwise, PHP will not see your scripts as code, but as plain text and it will therefor show the code in the browser.
A difference between configuring PHP for Hiawatha and Apache is that Apache uses mod_php (which uses /etc/php/apache/php.ini) and Hiawatha uses php-cgi (which uses /etc/php/cgi/php.ini). So, make sure you edit the right php.ini!
A difference between configuring PHP for Hiawatha and Apache is that Apache uses mod_php (which uses /etc/php/apache/php.ini) and Hiawatha uses php-cgi (which uses /etc/php/cgi/php.ini). So, make sure you edit the right php.ini!
Remco
5 March 2009, 21:29
Everything works fine now.
Thanks for your time and thanks for writing Hiawatha.
Thanks for your time and thanks for writing Hiawatha.
This topic has been closed.
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
