Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Forms: backslahes and quotes get changed
  • JasonJudgeJasonJudge
    I have a form generated from a fieldset which comes from an ORM model. The form generates fine (I'm building the form fields individually so I can control the layout). When fields are invalid, the form fails validation, and is re-presented to the user to make corrections. Now, this is where I am seeing some odd behaviour. Any field that contained a "\", has all its backslashes escaped with a further backslash. Any text fields containing a double-quote has its quotes escaped with a backslash. Single-quotes get the same treatment. Is this normal or default behaviour? It looks like MySQL escaping to me, but I have no idea what that would be doing in the form/fieldset handling code. I'm just asking here, because it may be something obvious that is a common problem. -- Jason
  • JasonJudgeJasonJudge
    The validation functions see \' when I post ' in a text field. So I guess the escaping is being added on input and not output.
  • JasonJudgeJasonJudge
    Okay, I found this post: http://fuelphp.com/forums/topics/view/7764 and added this to my .htaccess: php_flag magic_quotes_gpc Off And that fixed the problem. Now I'm muttering under my breath: PHP5.3, magic quotes, WTF? I have no idea how this setting is turned on by default on this server. I don't think, in over twelve years of PHP development, I have *ever* used a server with that setting turned on. It is a meaningless setting: it is the application's job to ensure things are encoded and escaped correctly at the appropriate places, and always has been in my book. Stay calm, and carry on.
  • HarroHarro
    Time to find a new hoster...
  • JasonJudgeJasonJudge
    Harro Verton wrote on Monday 11th of June 2012:
    Time to find a new hoster...

    This *is* the new hoster - a big-name cloud-based service. I've just found the PHP settings admin page, so am going through all the options in that. Now, register_globals...phew, not set. I'm wondering whether I have never seen this before, because I have always used frameworks that don't care what the setting is? With GET, POST and COOKIE parameters read centrally, it only needs that setting to be checked in one place then reversed if necessary (I know, it *shouldn't* be necessary, but hosting is a big, dirty real-life world out there). A typical example of how to do this using array_map is given here http://stackoverflow.com/questions/517008/how-to-turn-off-magic-quotes-on-shared-hosting But that is probably unnecessary overkill. Just a note for the installation docs, perhaps.
  • HarroHarro
    * oops... *
Add a Comment

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Categories

In this Discussion