Page 1 of 1

php script appends extra characters to query when deployed

Posted: Sun Aug 06, 2006 10:29 pm
by irfanhab
Hi,

I have a php script that queries a database, When I deploy it locally in my server and I query with the following query:

Select * from patents where casename like '%microsoft%';

It works fine.

However when I deploy it to a remote hosted site, and I run the same query, It doesnt work, because it passes the following query:

Select * from patents where casename like \'%microsoft%\';

How do I remove those slasshes?? I even tried trimming the slashes in the string passed to the mysql server but it wont work.

Posted: Sun Aug 06, 2006 10:33 pm
by feyd
how is this string being created? (the code.)

Posted: Sun Aug 06, 2006 10:48 pm
by volka
And what does

Code: Select all

$params = array('magic_quotes_gpc','magic_quotes_runtime','magic_quotes_sybase');
foreach($params as $p) {
	echo $p, ': ', ini_get($p) ? 'on':'off', "<br />\n";
}
print?

Posted: Sun Aug 06, 2006 11:03 pm
by RobertGonzalez
Sounds like you have addslashes() being applied somewhere.

Posted: Mon Aug 07, 2006 12:08 pm
by irfanhab
Everah wrote:Sounds like you have addslashes() being applied somewhere.
This is the Code where the error is occuring:

$query = $_POST["query"];
$query=trim($query,'\\');
print $query;

The query is passed to the script via a html form.

@voika

It displays this:
magic_quotes_gpc: on
magic_quotes_runtime: off
magic_quotes_sybase: off

Posted: Mon Aug 07, 2006 12:13 pm
by volka
magic_quotes_gpc: on
Take a look at http://de2.php.net/manual/en/ref.info.p ... quotes-gpc and http://de2.php.net/stripslashes
Can you change settings in the php.ini? Imho magic_quotes_gpc is one of the more #$*?!(censored) features of php.