Geeklog Forums
gpc_magic_quotes
exaurdon
Forum User
Regular Poster
Registered: 08/13/03
Posts: 107
This post is primarily directed toward members of the development team. I am just curious if any provision exists in geeklog to handle the case of users who do not have the gpc_magic_quotes option turned on. I have not noticed any provision in the code for this possibility.
I have noticed that most code seems to call addslashes before storing values in a database, and stripslashes when reading from the DB. This generally works very well. However, if gpc_magic_quotes is disabled, then it appears that users cannot place backslashes in any field using the add/strip slashes. (As long as a backslash does not need to be placed, it works fine.) Here is why I think this happens:
Example:
you want to put: \"hello\" into a field (including the backslashes)
1. - Form submission
With gpc_magic_quotes on: this becomes \\\"hello\\\"
With gpc_magic_quotes off: this becomes \"hello\" (no change)
2. - Add slashes
With gpc_magic_quotes on: this becomes \\\\\\\"hello\\\\\\\"
With gpc_magic_quotes off: this becomes \\\"hello\\\"
3. - DB Insertion
- (Escaped chars are translated to normal chars)
In the database you end up with:
quotes on: \\\"Hello\\\"
quotes off: \"Hello\"
4. - Strip slashes
With gpc_magic_quotes on: you get \"hello\"
With gpc_magic_quotes off: this becomes "hello"
With quotes off, you lost the slashes.... As I mentioned, this isn't a terribly huge deal right now, since most fields don't need backslashes in them, but maybe in Geeklog 2 this would be something to address. It could be handled reasonably easily through the $_REQUEST variable (especially since register_globals will no longer be assumed).
I'm posting this primarily in case anyone else is having similar problems with backslashes in fields.
Alex~
P.S. Sorry for a very long post...
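
The four steps in the post above, reproduced as an added example (not part of the original post and not Geeklog code), next to a variant that undoes magic quotes once at the input boundary and never strips on read. The function names are hypothetical, the request and the database are simulated, and `addslashes` stands in for whatever escaping the database layer applies.

```php
<?php
// Simulation only: no real request or database is involved.

// What magic quotes did to every GET/POST/COOKIE value before the script ran.
function simulate_request(string $typed, bool $magicQuotes): string {
    return $magicQuotes ? addslashes($typed) : $typed;
}

// Stand-in for the SQL parser decoding an escaped string literal.
// For addslashes() output this is equivalent to stripslashes().
function simulate_db_store(string $escapedLiteral): string {
    return stripslashes($escapedLiteral);
}

// Pattern described in the post: addslashes on write, stripslashes on read.
function legacy_round_trip(string $typed, bool $magicQuotes): string {
    $received = simulate_request($typed, $magicQuotes);   // step 1
    $stored   = simulate_db_store(addslashes($received)); // steps 2 and 3
    return stripslashes($stored);                         // step 4
}

// Variant: normalize the input once, escape once on write, return the
// stored value untouched on read.
function normalized_round_trip(string $typed, bool $magicQuotes): string {
    $received = simulate_request($typed, $magicQuotes);
    $raw      = $magicQuotes ? stripslashes($received) : $received;
    return simulate_db_store(addslashes($raw));
}

$typed = '\\"hello\\"'; // constructed sample: the characters \"hello\"

foreach ([true, false] as $mq) {
    printf(
        "magic quotes %-3s  legacy: %-10s  normalized: %s\n",
        $mq ? 'on' : 'off',
        legacy_round_trip($typed, $mq),
        normalized_round_trip($typed, $mq)
    );
}
```

Magic quotes were removed in PHP 5.4, so on current PHP only the "off" row applies and the read-side `stripslashes` only loses data. Parameterized queries remove the need for write-side escaping as well.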