More magic quotes questions

Jon
All,

Yes, it's more of the famous 'what do I do about magic_quotes' questions.
Anyways, here we go:

I've been a PHP developer for about a year now, and have grown to detest
magic_quotes for numerous reasons. So, in my applications now I simply use
.htaccess to turn magic_quotes_gpc off and I escape as needed from there.

My problem however has become what to do for FULLY portable applications.
I'm currently writing an XML-based PHP application that will be using a
MySQL backend, and going by my logic that I normally use (turning magic
quotes off via htaccess) I might run into some problems. Basically, this
application needs to be able to move to ANY hosting provider with very
little configuration.

So I thought "Hmm, ok, well I'll just run a 'get_magic_quotes_gpc()' check
and escape where magic quotes are off. This shouldn't cause a problem with
my own code because I've turned magic_quotes off anyways.

Problem is the 'get_magic_quotes_gpc()' function doesn't seem able to pickup
the htaccess directive that turns them off, so it is always reported on.
This basically traps me into not being able to check if they're on or off,
or simply counting on them for my own application and leaving them on (I
have no access to the .ini to turn them off at all).

Worse yet, on the other side - if I go with my .htaccess and just always
turn them off like I have been doing, this will come back to bite me if we
have to put this application on an IIS server where turning them off is not
an option. From what I understand, there's no way to turn them off at
runtime.

Any ideas on the best way to handle this?
May 1 '06 #1

I code for having them off, and look for hosting companies who have them turned
off. There are thousands of good ones who run that way.

Just like I don't host with companies who run with register_globals turned on.

Generally I need to ask them if it's off or on. And if they can't tell me
something this simple, it's time to run the other way!
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
May 1 '06 #2
Jon

Yeah, but if I'm building a retail application there's really no choice on
the host.
May 1 '06 #3
>> Problem is the 'get_magic_quotes_gpc()' function doesn't seem able to pickup
>> the htaccess directive that turns them off, so it is always reported on.
>> This basically traps me into not being able to check if they're on or off,
>> or simply counting on them for my own application and leaving them on (I
>> have no access to the .ini to turn them off at all).

This is ugly, but I suspect it will work: include on each form a
hidden variable containing a value that will be mangled by magic_quotes.
Check to see if the value has been mangled. Act accordingly.

>> Any ideas on the best way to handle this?
>
> I code for having them off, and look for hosting companies who have them turned
> off. There are thousands of good ones who run that way.
>
> Just like I don't host with companies who run with register_globals turned on.

Speaking of register_globals, when is ini_get('register_globals') going
to become a fatal error?

Gordon L. Burditt
May 1 '06 #4
Why not? There are always choices for hosts, unless they are planning to do it
in house. And if that's the case they can control the settings themselves.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
May 1 '06 #5
Jon wrote:
> Problem is the 'get_magic_quotes_gpc()' function doesn't seem able to pickup
> the htaccess directive that turns them off, so it is always reported on.
> This basically traps me into not being able to check if they're on or off,
> or simply counting on them for my own application and leaving them on (I
> have no access to the .ini to turn them off at all).

Are you sure your observation is correct? get_magic_quotes_gpc()
returns the variable that controls whether slashes are added or not. If
it returns true, then magic_quotes_gpc is on. If it returns false, then
it's off--unless you alter the state through ini_set() afterward, of
course.

From the source code:

    PHP_FUNCTION(get_magic_quotes_gpc)
    {
        RETURN_LONG(PG(magic_quotes_gpc));
    }

    if (PG(magic_quotes_gpc)) {
        Z_STRVAL(new_entry) = php_addslashes(strval, Z_STRLEN(new_entry),
                                             &Z_STRLEN(new_entry), 0 TSRMLS_CC);
    } else {
        Z_STRVAL(new_entry) = estrndup(strval, Z_STRLEN(new_entry));
    }

May 1 '06 #6
Jon

Because when we sell it we won't know what host the customer has. We'll
install it on other hosts if they give us the username/password to login to
the server and meet the requirements of PHP 4.x+ and MySQL 3.23+. We can't
really ask them to switch hosts.
May 2 '06 #7
Jon
I went back and re-tested it, and it is in fact returning true despite my
htaccess explicitly turning magic_quotes off.

May 2 '06 #8
Jon wrote:
> I went back and re-tested it, and it is in fact returning true despite my
> htaccess explicitly turning magic_quotes off.


Are slashes inserted though? Based on the source code, I just don't see
how it's possible that magic quote is off while get_magic_quotes_gpc()
returns true. It could be a bug, of course. If you post your test code
along with the line in the .htaccess, I'll trace through the scenario
under a debugger.

May 2 '06 #9
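    // Define undoAddSlashes() once, according to the server's magic quotes setting.
    if (get_magic_quotes_gpc()) {
        // Magic quotes on: remove the slashes PHP added to the form value.
        function undoAddSlashes($formval) {
            return stripslashes($formval);
        }
    } else {
        // Magic quotes off: the value is already as submitted.
        function undoAddSlashes($formval) {
            return $formval;
        }
    }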

When accessing GPC data I *always* run it through undoAddSlashes.
Depending on whether magic quotes is active, undoAddSlashes will
perform the stripslashes. No wondering which to do or ini_set (which
doesn't work with magic quotes anyway, since by the time your ini_set
fires it has already added the slashes)

May 2 '06 #10
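
Added example (not part of the original thread, and not any poster's code): a request-normalization step that combines the hidden-field check suggested in post #4 with the get_magic_quotes_gpc() wrapper from post #10, extended to nested arrays. The function names, the field name `_mq_probe` and the sample input are assumptions made for illustration.

```php
<?php
// Added example. All names below are hypothetical, not from the thread.

const CANARY_FIELD = '_mq_probe';   // hidden form field carrying the probe value
const CANARY_VALUE = "a'b\"c\\d";   // holds a quote, a double quote and a backslash

/** Recursively strip slashes from a string or a nested array of strings (values only). */
function strip_slashes_deep($value)
{
    if (is_array($value)) {
        return array_map('strip_slashes_deep', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

/**
 * Decide whether this request's input arrived slashed.
 * 1. If the form carried the probe field, trust what actually happened to it.
 * 2. Otherwise fall back to get_magic_quotes_gpc() where it still exists
 *    (the function was removed in PHP 8.0).
 */
function input_is_slashed(array $input)
{
    if (isset($input[CANARY_FIELD]) && is_string($input[CANARY_FIELD])) {
        if ($input[CANARY_FIELD] === CANARY_VALUE) {
            return false;
        }
        if ($input[CANARY_FIELD] === addslashes(CANARY_VALUE)) {
            return true;
        }
        // Unrecognised probe value: ignore it and use the fallback below.
    }
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

/** Return the input as the user typed it, whatever the server setting. */
function normalize_input(array $input)
{
    $clean = input_is_slashed($input) ? strip_slashes_deep($input) : $input;
    unset($clean[CANARY_FIELD]);
    return $clean;
}

// Constructed sample: one form submission as seen with magic quotes off and on.
$seen_off = array(
    CANARY_FIELD => CANARY_VALUE,
    'name'       => "O'Reilly",
    'tags'       => array('a\\b'),
);
$seen_on = array(
    CANARY_FIELD => addslashes(CANARY_VALUE),
    'name'       => "O\\'Reilly",
    'tags'       => array('a\\\\b'),
);

// Both views normalize to the same raw values.
var_dump(normalize_input($seen_off) === normalize_input($seen_on));

// The probe is client-supplied, so it only decides data fidelity. The normalized
// values are raw and must still be escaped or bound as parameters at the query.
```
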
On Mon, 1 May 2006 11:43:39 -0500, "Jon" <jo***@netins.com> wrote:
> Any ideas on the best way to handle this?

Don't use .htaccess to turn off magic quotes. If your code is set up
to escape the strings depending on whether or not it's enabled then it
shouldn't matter if magic quotes is enabled. I've never had the
get_magic_quotes_gpc() function return an incorrect value but then I
don't ever use .htaccess to set that magic_quotes_gpc setting.

May 3 '06 #11
