Bug in Quoted String Handling?
Moderator: General Moderators
-
DanBlather
- Forum Newbie
- Posts: 7
- Joined: Fri Sep 22, 2006 6:53 pm
Bug in Quoted String Handling?
My hosting compnay recently upgraded from 4.4.4 to 4.4.6 and my PHP script stopped working. I am using a GET method with the following URL:
http://www.xyz.com/aEventQueryString.ph ... 2007-03-15 21:10:03'
This used to work fine, and $DateTime was set to: {2007-03-15 21:10:03} (brackets added, not in actual string). After the upgrade $DateTime is set to: {\'2007-03-15 21:10:03\'}. It's as though the single quotes are being treated as embedded quotes and being escaped. Is this a bug or was the old behavior incorrect and now fixed?
A related question, if I just format my URL as {...DateTime=2007-03-15%2021:10:03} can I pass that off to MySQL without further ado? Thanks.
http://www.xyz.com/aEventQueryString.ph ... 2007-03-15 21:10:03'
This used to work fine, and $DateTime was set to: {2007-03-15 21:10:03} (brackets added, not in actual string). After the upgrade $DateTime is set to: {\'2007-03-15 21:10:03\'}. It's as though the single quotes are being treated as embedded quotes and being escaped. Is this a bug or was the old behavior incorrect and now fixed?
A related question, if I just format my URL as {...DateTime=2007-03-15%2021:10:03} can I pass that off to MySQL without further ado? Thanks.
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
-
DanBlather
- Forum Newbie
- Posts: 7
- Joined: Fri Sep 22, 2006 6:53 pm
- aaronhall
- DevNet Resident
- Posts: 1040
- Joined: Tue Aug 13, 2002 5:10 pm
- Location: Back in Phoenix, missing the microbrews
- Contact:
If your server won't budge about magic_quotes_gpc, you can array_map() each of $_GET, $_POST and $_COOKIE with the callback stripslashes() and the beginning of your script as a resort to calling stripslashes() for every GPC reference
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
phpBB used to array map, then changed it because it had some weird results in the resultant array map. Of course, theirs checks to see if magic quotes is off and adds slashes to the superglobal arrays. But the same logic can be applied to removing slashes.
EDIT | I modified theirs to use stripslashes() if get_magic_quotes_gpc() is on...
EDIT | I modified theirs to use stripslashes() if get_magic_quotes_gpc() is on...
Code: Select all
<?php
// stipslashes on all vars if magic_quotes_gpc is on
if( get_magic_quotes_gpc() )
{
if( is_array($_GET) )
{
while( list($k, $v) = each($_GET) )
{
if( is_array($_GET[$k]) )
{
while( list($k2, $v2) = each($_GET[$k]) )
{
$_GET[$k][$k2] = stripslashes($v2);
}
reset($_GET[$k]); // For some reason this had an error suppressor
}
else
{
$_GET[$k] = stripslashes($v);
}
}
reset($_GET); // For some reason this had an error suppressor
}
if( is_array($_POST) )
{
while( list($k, $v) = each($_POST) )
{
if( is_array($_POST[$k]) )
{
while( list($k2, $v2) = each($_POST[$k]) )
{
$_POST[$k][$k2] = stripslashes($v2);
}
reset($_POST[$k]); // For some reason this had an error suppressor
}
else
{
$_POST[$k] = stripslashes($v);
}
}
reset($_POST); // For some reason this had an error suppressor
}
if( is_array($_COOKIE) )
{
while( list($k, $v) = each($_COOKIE) )
{
if( is_array($_COOKIE[$k]) )
{
while( list($k2, $v2) = each($_COOKIE[$k]) )
{
$_COOKIE[$k][$k2] = stripslashes($v2);
}
reset($_COOKIE[$k]); // For some reason this had an error suppressor
}
else
{
$_COOKIE[$k] = stripslashes($v);
}
}
reset($_COOKIE); // For some reason this had an error suppressor
}
}
?>-
DanBlather
- Forum Newbie
- Posts: 7
- Joined: Fri Sep 22, 2006 6:53 pm
My hosting service rurned "magic_quotes_gpc on" off on my config file. I still see odd behavior. The escape of the single quotes has gone away, but the leading and trailing single quote are still included in the string itself. For example:
echo "{" . $DateTime . "}"
gives
{'2007-03-15 21:10:03'}
Before the upgrade the single quotes were not in the string. In the URL DateTime is specified:
DateTime='2007-03-15 21:10:03'
and I expected the echo above to give
{2007-03-15 21:10:03}
echo "{" . $DateTime . "}"
gives
{'2007-03-15 21:10:03'}
Before the upgrade the single quotes were not in the string. In the URL DateTime is specified:
DateTime='2007-03-15 21:10:03'
and I expected the echo above to give
{2007-03-15 21:10:03}
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
-
DanBlather
- Forum Newbie
- Posts: 7
- Joined: Fri Sep 22, 2006 6:53 pm