deanstonehocker Posted November 17, 2012 Share Posted November 17, 2012 In the section, Securing Query Data, the use of stripslashes is given. It works when only one blog entry is being displayed. However, when several blog entries are being displayed using the mysql_fetch_array() on page 361-365 of the book, I can't elimate the slashes that are placed in front of single and double quotes from the database fields 'title' and 'entry'. I'm using PHP version 5.2.17. I'd like to turn magic quotes off, if that's what's causing the problem. GoDaddy's PHP Info indicates the following regarding Magic Quotes (the two columns on the right represent local value, master value): Local Master magic_quotes_gpc On On magic_quotes_runtime Off Off magic_quotes_sybase Off Off I can't find a help topic on GoDaddy about turning magic quotes off. Maybe they recognize that having them turned off threatens their servers? Anyway, I suspect the problem is that the variable being stripped in the security section of PHP for the Web isn't an array, and the fetch array, of course, is. I've tried placing the "stripslashes()" function in every possible position in Script 12.7, but nothing seems to work. Any suggestions? Link to comment Share on other sites More sharing options...
victor Posted November 17, 2012 Share Posted November 17, 2012 Hi dean, first suggestion, run away from Godaddy's hosting:), the magic quotes directive was deprecated since PHP version 5.3.0. But, in your case, you can put the following code in a file (you can call it, "magicquotes.inc.php, "magicquotes.php", or whatever works for you, and include it in your main script: magicquotes.php code: <?php if (get_magic_quotes_gpc()) { $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST); while (list($key, $val) = each($process)) { foreach ($val as $k => $v) { unset($process[$key][$k]); if (is_array($v)) { $process[$key][stripslashes($k)] = $v; $process[] = &$process[$key][stripslashes($k)]; } else { $process[$key][stripslashes($k)] = stripslashes($v); } } } unset($process); } Include it like this: <?php # Begining of your script include 'includes/magicquotes.php'; ... Or <?php # Begining of your script include $_SERVER['DOCUMENT_ROOT'] . 'includes/magicquotes.php'; ... The php closing tag ?> was left intentionally, because this is an include file. I didn't invent this code, it comes from the PHP manual. Hope that helps. Victor Link to comment Share on other sites More sharing options...
Edward Posted November 18, 2012 Share Posted November 18, 2012 I was using a escape function to check whether magic quotes was enabled or disabled then taking appropriate action, for example public static function escapeData ($data) { global $mysqli; // Database connection. // Strip the slashes if Magic Quotes is on: if (get_magic_quotes_gpc()) $data = stripslashes($data); // Apply trim() and mysqli_real_escape_string(): return $mysqli->real_escape_string(trim ($data)); } // End of the escapeData() function. Link to comment Share on other sites More sharing options...
deanstonehocker Posted November 21, 2012 Author Share Posted November 21, 2012 Somewhere in his book, Larry suggests going away from your problem for a day or two, and then coming back to it with a fresh mind. I've done just that, and this morning I read through the database chapter again. For the first time, I realized that the strip slashes() function had been applied to the form fields when the insert data query was run. I had been trying to use these functions for the retrieve data (view_entries.php), and that is apparently why I couldn't get rid of the slashes. Once I added my_sql_escape_string(), stripslashes(), trim(), and strip_tags() to the add_entry.php script, the slashes were gone when I viewed all of the entries in view_entries.php. I must say that I have worked from a dozen different computer books, and Larry's has been the best of them all. I don't believe there has been a mistake in any of his example code. That's really pretty rare. As for GoDaddy, I agree that there must be better hosting companies. However, I was asked to take over the website of a non-profit organization, and there is still a year and one-half to go on their contract with GoDaddy. So . . . (I notice that the PHP website has a link to hosting companies they recommend.) Thanks for your suggestions and help. 1 Link to comment Share on other sites More sharing options...
Larry Posted November 28, 2012 Share Posted November 28, 2012 Thanks for the nice words. I'm glad you were able to figure it out and thanks for sharing. Link to comment Share on other sites More sharing options...
Vegasvikk Posted November 30, 2012 Share Posted November 30, 2012 Hi Larry: I too have GoDaddy...whom do you recommend or suggest? Thanks Vick Link to comment Share on other sites More sharing options...
Larry Posted November 30, 2012 Share Posted November 30, 2012 I hear good things about DreamHost. If you search the forums, you'll find threads about recommended hosting. Link to comment Share on other sites More sharing options...
margaux Posted November 30, 2012 Share Posted November 30, 2012 @Vegasvikk - what country are you in? CSN is very good, UK based. Link to comment Share on other sites More sharing options...
Recommended Posts