PHP $_GET apostrophe

Question

Possible Duplicate:
“slash before every quote” problem

Hi, I am trying to use $_GET to send the contents of a text box to another php document. But whenever I try to use single (') or double (") quotes, the text is received as \' or \". When I try to use str_replace, I get a php error. I need to use $_GET instead of $_POST, because I need to be able to bookmark the page.

Here is the code: HTML document:

<form action="result.php" method="get">
<input type="text" name="code" size="70" />
<input type="submit" />
</form>

PHP document:

<?php
echo $_GET["code"];
?>

score 3 · Accepted Answer · answered Nov 28 '10 at 10:23

3

Disable Magic Quotes. On top of the page, you can code like this:

<?php
if (get_magic_quotes_gpc()) {
    $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
    while (list($key, $val) = each($process)) {
        foreach ($val as $k => $v) {
            unset($process[$key][$k]);
            if (is_array($v)) {
                $process[$key][stripslashes($k)] = $v;
                $process[] = &$process[$key][stripslashes($k)];
            } else {
                $process[$key][stripslashes($k)] = stripslashes($v);
            }
        }
    }
    unset($process);
}
?>

There are better options available. REad here http://www.php.net/manual/en/security.magicquotes.disabling.php

answered Nov 28 '10 at 10:23

Satya Prakash

3,372
3
31
47

1

That’s rather reverting than disabling. – Gumbo Nov 28 '10 at 10:27
I know it's from the PHP manual, but does anyone ever iterate through an array like that? Wouldn't a `foreach` with `$key => $value` be a lot clearer? – alex Nov 28 '10 at 10:28
@alex: *magic\_quotes\_gpc* affects not just the values but anything in the query string. So it’s rather equivalent to `parse_str(addslashes($_SERVER['QUERY_STRING']), $_GET)`. – Gumbo Nov 28 '10 at 11:35
@Gumbo, you are right. But I do not the exact problem. Whether he have access to php.ini or not. and also where he is going to deploy the code (hosting). So, it is good to detect the php.ini setting and disable the setting using reverting as in future php is not going to have magic quotes enabled. I have given a link for research there. – Satya Prakash Nov 28 '10 at 13:17

score 1 · Answer 2 · answered Nov 28 '10 at 10:23

1

Disable magic quotes on your server.

(unless you have something looping through the $_GET[] and using something like addslashes()).

You can tell if you have magic quotes enabled by running...

var_dump(get_magic_quotes_gpc());

answered Nov 28 '10 at 10:23

alex

479,566
201
878
984

PHP $_GET apostrophe

2 Answers2