Page 1 of 1

Why is PHP escaping already-escaped single quotes?

Posted: Thu Nov 11, 2010 4:30 am
by Stokestack
Hi all.

I'm trying to pass some params through a URL, and some have to be single-quoted for SQL. I find that even if I URL-encode the quotes, PHP converts them to \'

Why, and is there a workaround other than post-processing every incoming parameter to replace the \' with '

Thanks!

Re: Why is PHP escaping already-escaped single quotes?

Posted: Thu Nov 11, 2010 4:51 am
by Weirdan
It's likely your PHP interpreter misconfigured (magic_quotes_gpc turned on). Check your phpinfo() output and turn it off if it's on.

Re: Why is PHP escaping already-escaped single quotes?

Posted: Thu Nov 11, 2010 6:48 am
by dheeraja
You can solve your problem by using stripslashes(), for more information follow this link: http://php.net/manual/en/function.stripslashes.php

Re: Why is PHP escaping already-escaped single quotes?

Posted: Sat Nov 13, 2010 3:01 pm
by Stokestack
Thanks for the replies, guys.

Re: Why is PHP escaping already-escaped single quotes?

Posted: Sat Nov 13, 2010 3:16 pm
by s.dot
Don't use stripslashes, turn magic_quotes_gpc off

Re: Why is PHP escaping already-escaped single quotes?

Posted: Sat Nov 13, 2010 3:27 pm
by Stokestack
magic_quotes of all kinds were already off, so I guess the original question remains: Why did PHP add the slashes to begin with?

Re: Why is PHP escaping already-escaped single quotes?

Posted: Sat Nov 13, 2010 3:47 pm
by s.dot
Show us your code.
If you're escaping a query with an escaping function and then printing it, that would be why you see the quotes.
I still think magic_quotes_gpc is on
Let's see your code! :)

Re: Why is PHP escaping already-escaped single quotes?

Posted: Sat Nov 13, 2010 5:36 pm
by Stokestack
Thanks. I've already starting switching over to prepared statements and mysqli, so the code has now changed and this is most likely moot. If it comes up again, I'll post the relevant code.