Quotes issues

[Hondy]

Hi

I have a CMS tool written in PHP, on the devs server its fine, but on mine it causes problems if you add a word into the CMS tool that has an apostraphe. From Googling this seem fairly common but I still don't know how to fix it.

I also have mod_security installed which may also not help as it might think a SQL inj attack is going on or something (just an idea)

I have tried a few Magic Quotes options (maybe the wrong ones) but I'm a bit of a noob at LAMP servers.

If I turn magic quotes on other bits screw up as extra "/" forward slashes appear in places.

Where do I start to look at fixing this? I see magic quotes is on its way out anyway.

Cheers!

 

[jpadie]

if the CMS is well designed, you should make sure that magic_quotes_gpc is turned off and that magic_quotes_runtime is turned off in php.

if you cannot control your application you might consider running this scriptlet as the first line of each of your pages

cleanseMagicQuotes();
function cleanseMagicQuotes(){
  set_magic_quotes_runtime(false);
  if (get_magic_quotes_gpc()){
   array_walk_recursive($_GET, 'stripslashes');
   array_walk_recursive($_POST, 'stripslashes');
   array_walk_recursive($_COOKIE, 'stripslashes');
   array_walk_recursive($_REQUEST,' stripslashes');
  }
}

 

[Hondy]

thanks jpadie, what does the scriplet do? The CMS tool looks quite advanced, I would say it is a commercial editor. The problem is obviously submitting the apostraphe into the database where the "update failed"

I wonder is it actually a MySQL datatype issue maybe? I can't access it right now but should you ordinarily be able to insert ' into a db field?

 

[jet042]

' is a special character in MySQL, so it has to be escaped before it can be inserted into a field.

The scriptlet that jpadie provided basically reverses the changes that magic_quotes_gpc() makes to submitted data before it gets to the CMS. Chances are good that the CMS you are using already escapes special characters, so combining that with magic_quotes_gpc() could cause issues.

 

[Hondy]

ah i see. I meant that I tried to use magice quotes to fix it. It was off the first time i tried it and thought it might resolve the issue so the script wont do a lot because MQ is off :s

Any other ideas?

 

[jpadie]

there are two types of magic quotes. if they are both turned off then, brutally, the CMS is badly written.

it's possible that it could be something to do with the editor you're using? maybe that's shonky?

 

[Hondy]

well the interesting thing is that it works on his hosted version, i built my server myself so it must be missing something but i've no idea what? If it was the editor then it would happen on both i think?

 

[jpadie]

then it's your server configuration. his probably has magic_quotes_runtime and magic_quotes_gpc turned off (as you should have).

remember that for non-cgi implementations of php you need to restart the webserver every time a change is made to the php.ini file.

 

[Hondy]

well yes I guess it is the server config, but MQ is totally turned off and I can't figure out what other server config would cause this.

I'm restarting the httpd almost once an hour due to various config changes so anyone know what it might be? It doesn't seem to be code related and its not MQ.

 

[jpadie]

can you post the phpinfo() results here.

 

[Hondy]

ahh its ok thanks, the programmer improved the code and all is well - thanks anyway

 

[jpadie]

thanks for posting back. could you have your programmer colleague explain what he's done in this thread so that future readers can benefit from the sale solution?

 

[Hondy]

i will ask, he doesn't work in the office though and I doubt he will tell me that the code was a little icky in the first place