I have created a form in my web application which has only a single text field and that field is posted to a PHP page using GET, but I am observing strange behavior. i.e. when I test it on my local server, the text is received as it was written in the text field, but when I upload it to my online server, the receive开发者_运维知识库d string is escaped automatically means, all single quotes and double quotes are escaped. e.g. If I write It's not true...
then on php side I will get
$comment = $_REQUEST["comm"];
print $comment;
//will print It\'s not true... on my online server
//will print It's not true... on my local server
I am yet unable to under stand why is it so? Is there any PHP setting for escaping Query Strings variables automatically?
You have "magic quotes" enabled. They're a terrible misfeature which are luckily being removed in the next version of PHP. The PHP manual has a guide to disabling them.
In short, you need to set the following configuration items to Off
in your php.ini
file:
- magic_quotes_gpc
- magic_quotes_runtime
- magic_quotes_sybase
Specifically, your problem appears to be with magic_quotes_gpc
- the "gpc" portion being short for "GET, POST, and COOKIE" - but it's good practice to keep all of them disabled.
Code will tell you every thing what you need..
function mysql_prep($value) {
$magic_quotes_active = get_magic_quotes_gpc();
$new_enough_php = function_exists("mysql_real_escape_string"); // i.e. PHP >= v4.3.0
if ($new_enough_php) { // PHP v4.3.0 or higher
// undo any magic quote effects so mysql_real_escape_string can do the work
if ($magic_quotes_active) {
$value = stripslashes($value);
}
$value = mysql_real_escape_string($value);
} else { // before PHP v4.3.0
// if magic quotes aren't already on then add slashes manually
if (!$magic_quotes_active) {
$value = addslashes($value);
}
// if magic quotes are active, then the slashes already exist
}
return $value;
}
create above function and pass-on values to this function
and then call the values like
$yourVar = mysql_prep($_POST['yourControlName']);
I hope you may get every thing explained via comments...
I think its a setting within the php.ini file. You can call a PHP function to disable it, but by then it's too late.
精彩评论