erawlins Posted March 23, 2008 Share Posted March 23, 2008 I am creating a web site using PHP, and need to pass certain strings via a cookie. I use setcookie() to store the cookie and $_COOKIE[] to retrieve it. All goes well until the stored string contains a backslash (\) or a single or double quote. In that case, when I retrieve the cookie it comes with 3 extra backslashes. Example: I store Sam's and I get back Sam\\\'s I store Sam\'s and I get back Sam\\\\\\\'s This does not happen when I test locally on my own machine; it only started happening when I moved the site over to TCH for beta testing. I can't strip the backslashes out of the retrieved string, because sometimes I put a backslash in myself, as in the second example. I can't use setrawcookie() because it plain forbids such characters in the first place. Tech support at TCH has declined to help or advise me. What's going on here, and what can I do about it? Quote Link to comment Share on other sites More sharing options...
click Posted March 23, 2008 Share Posted March 23, 2008 The backslashes are probably being added because magic quotes is on. Magic quotes automatically escapes all quotes and backslashes in post, get & cookie data. Use stripslashes() to remove the slashes. get_magic_quotes_gpc() will return true if it's enabled, false if not. Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted March 23, 2008 Share Posted March 23, 2008 Welcome to the forums erawlins Tech support at TCH has declined to help or advise me. What's going on here, and what can I do about it? I'm sorry that tech support did not give you an answer to a programming question but I believe that goes beyond the scope of what tech support is supposed to help with. As you have discovered that is why they most likely directed you to the user forums where one of the members was able to answer your question. So in essence they did help you. Quote Link to comment Share on other sites More sharing options...
TCH-Thomas Posted March 23, 2008 Share Posted March 23, 2008 Welcome to the forum, erawlins. Quote Link to comment Share on other sites More sharing options...
erawlins Posted March 23, 2008 Author Share Posted March 23, 2008 Thanks, that makes sense. But why am I getting so *many* backslashes -- three, to be exact? I am including this cookie string in a SQL statement, and MySQL doesn't like it at all. I can't stripslashes because the SQL parameter may actually have a quote in it and require a backslash -- for example, "select * from customer where last_name = 'O\'Neill'". Will that work if there are 3 slashes instead of one? Quote Link to comment Share on other sites More sharing options...
TCH-Vivek Posted March 23, 2008 Share Posted March 23, 2008 Welcome to the forums erawlins I am not good as a PHP programmer. But I guess the second slash is added by magiciquotes_gpc while reading back from the cookie file. FYI, gpc stands for get, post, cookie that's it works when any or all of the above methods is called. You can turn off magic quotes by using php_flag in .htaccess. Feel free to ping support if you need assistance in turnig it off for your account. Quote Link to comment Share on other sites More sharing options...
click Posted March 23, 2008 Share Posted March 23, 2008 It is somehow being processed by magic quotes twice. Maybe it's a value passed in through POST from a form causing 'O'Neill' to be escaped as 'O\'Neill'. If the value were then written as is to a cookie, when it was later passed back to PHP the backslash (\\) and quote (\') would again be escaped resulting in 'O\\\'Neill', etc. Quote Link to comment Share on other sites More sharing options...
erawlins Posted March 23, 2008 Author Share Posted March 23, 2008 This all makes a lot of sense. I think I know enough to proceed now. Thanks for all the help! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.