0

Possible Duplicate:
Why turning magic_quotes_gpc on in PHP is considered a bad practice?

When I get information from a post form, the HTML form adds slashes before random characters. For example: hello "george" becomes hello \"george\".

I don't understand at all why this happens. I already tried forbidding slashes in the input tag from JavaScript, but it does not work, so I need some PHP or JavaScript function to remove this from the server. The function must work in HTML too, because I am using these three technologies, because I am developing and selling web 2.0 sites.

What is the PHP function for this and its version for HTML too? Thanks in advance.

Here I link you to my pages with this problem; maybe you can check why this happens.

http://www.nickersonweb.com/
http://www.preferredmerchantservices.net/

Cory

2 Answers

6

This is an old (deprecated) feature of PHP that automagically escapes some characters in strings from various sources (`$_GET`, `$_POST`, `$_COOKIE`, etc).

The goal was to protect from SQL injection vulnerabilities, but this was not that good.

This can be disabled by setting the `magic_quotes_gpc` setting to 0 in your `php.ini`.

If you don't have control over the `magic_quotes_gpc` setting, you may want to reverse its effect, by using the `stripslashes` function:

```php
$value = stripslashes($_POST['foo']);
```

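You can do it on all `$_POST` variables like this:

```php
// Recursively apply stripslashes() to a value or a (nested) array of values.
function stripslashes_r($value) {
    if (is_array($value)) return array_map('stripslashes_r', $value);
    else return stripslashes($value);
}

// Only undo the escaping when magic quotes actually added it.
if (get_magic_quotes_gpc()) {
    $_POST = stripslashes_r($_POST);
}
```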
Arnaud Le Blanc
  • Since you may not have control over that, I think the conditional recursive `stripslashes` treatment deserves at least a mention. – Jon Sep 14 '11 at 14:29
  • I have a main.html which changed to main.php but I don't see php.ini and such function does not work for me in HTML or JS. – Cory Sep 14 '11 at 14:31
1

Special characters are escaped. You can remove the backslashes with http://php.net/manual/en/function.stripslashes.php

kasper Taeymans
  • This is a sorry hack. If your users _care_ about their \ (maybe they want to include Windows filenames in their HTML forms, maybe they just don't understand the difference between \ and / and use them interchangeably in English prose) then you are destroying their data as a workaround for a horrible feature in PHP that never should have been written in the first place. Just disable the stupid feature. – sarnold Sep 15 '11 at 01:45
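An added example, not code from either answer: it combines the conditional reversal from the first answer with the data-loss concern in the last comment, then does the SQL injection defence at the query with a prepared statement instead of relying on input escaping. The helper names, the `name` field, the `people` table and the in-memory SQLite database are assumptions made for this sketch.

```php
<?php
// Added example. Assumptions: field 'name', table 'people' and the in-memory
// SQLite database (needs the pdo_sqlite extension) are placeholders. Syntax is
// kept PHP 5.3 compatible because that is where magic quotes still exists.

// Recursively unescape values and keys (array keys may be escaped too).
function undo_magic_quotes(array $data) {
    $clean = array();
    foreach ($data as $key => $value) {
        $key = is_string($key) ? stripslashes($key) : $key;
        $clean[$key] = is_array($value)
            ? undo_magic_quotes($value)
            : stripslashes($value);
    }
    return $clean;
}

// True only if this runtime really added the slashes. The function is
// gone in PHP 8.0, and the feature itself was removed in PHP 5.4.
function magic_quotes_active() {
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Request handling: reverse the escaping only when it happened, so a
// backslash the user typed on purpose (C:\temp) is never destroyed.
if (magic_quotes_active()) {
    $_POST = undo_magic_quotes($_POST);
}

// Constructed sample: what magic_quotes_gpc delivered for hello "george".
$sample = undo_magic_quotes(array('name' => 'hello \\"george\\"'));

// The injection defence lives at the query: bind the raw value as a parameter.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (name TEXT)');
$stmt = $db->prepare('INSERT INTO people (name) VALUES (:name)');
$stmt->execute(array(':name' => $sample['name']));

// The stored value has no added slashes; escape for HTML only at output time.
$stored = $db->query('SELECT name FROM people')->fetchColumn();
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
```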