Yup, what Mykeul said. PHP doesn't add slashes to *any* POST data, it adds it to any post data *if and only if* the magi_quotes_gpc settings is present and flagged to true. Therefore, I suggest code at the top of the program (probably in main.inc?) that runs through the POST and GET variables and strips slashes only if magic_quotes is turned on. Alternatively, we could add slashes if magic_quotes is not turned on and then strip them at output.
There are several examples of code that do just that here:
http://us3.php.net/manual/en/function.get-magic-quotes-gpc.php
Dean Jones wrote:
Unless it's something I don't know about... However, PHP add's slashes to quote to any POST data. That's why PHP has a built in function called stripslashes and addslashes. You're supposed to run stripslashes on any POST data that is to be displayed, really...
On Fri, 17 Feb 2006 16:36:55 +0100, Mykeul myk3ul@gmail.com wrote:
It is the magic_quotes problem, isnt it ?
On 2/17/06, Dean Jones deanj@cleancode.org wrote:
Umm... That's silly. They're definitely needed. Try sending an e-mail and put quotes around something or use a single quote. The message ends
up
like this:
He said "Hi"
and
Wouldn't you like to know.
Using stripslashes removes those uneccessary escape slashes around
quotes.
It's absolutely needed.
On Fri, 17 Feb 2006 10:08:41 +0100, Håkan Lindqvist
wrote:
I don't understand why it should be necessary to use stripslashes in
the
first place. The slashes shouldn't be there in the first place, except in SQL queries.
To me it seems that stripslashes isn't what we're looking for.
/Håkan
On tor, 2006-02-16 at 22:47 -0500, Dean Jones wrote:
Look like someone forgot to use stripslashes on the subject and body
of
the
messages... :)
Is there a standard for checking in patches if you have access to
CVS?
I've
fixed this, but I wanted to check and see what the procedure was for
checking
in small fixes like this.
Dean