Jump to content
erawlins

Cookies With Special Characters

Recommended Posts

I am creating a web site using PHP, and need to pass certain strings via a cookie. I use setcookie() to store the cookie and $_COOKIE[] to retrieve it. All goes well until the stored string contains a backslash (\) or a single or double quote. In that case, when I retrieve the cookie it comes with 3 extra backslashes. Example:

 

I store Sam's and I get back Sam\\\'s

 

I store Sam\'s and I get back Sam\\\\\\\'s

 

This does not happen when I test locally on my own machine; it only started happening when I moved the site over to TCH for beta testing. I can't strip the backslashes out of the retrieved string, because sometimes I put a backslash in myself, as in the second example. I can't use setrawcookie() because it plain forbids such characters in the first place.

 

Tech support at TCH has declined to help or advise me. What's going on here, and what can I do about it?

Share this post


Link to post
Share on other sites

The backslashes are probably being added because magic quotes is on. Magic quotes automatically escapes all quotes and backslashes in post, get & cookie data. Use stripslashes() to remove the slashes. get_magic_quotes_gpc() will return true if it's enabled, false if not.

Share this post


Link to post
Share on other sites

Welcome to the forums erawlins :)

 

Tech support at TCH has declined to help or advise me. What's going on here, and what can I do about it?

I'm sorry that tech support did not give you an answer to a programming question but I believe that goes beyond the scope of what tech support is supposed to help with. As you have discovered that is why they most likely directed you to the user forums where one of the members was able to answer your question. So in essence they did help you.

Share this post


Link to post
Share on other sites

Thanks, that makes sense. But why am I getting so *many* backslashes -- three, to be exact? I am including this cookie string in a SQL statement, and MySQL doesn't like it at all.

 

I can't stripslashes because the SQL parameter may actually have a quote in it and require a backslash -- for example, "select * from customer where last_name = 'O\'Neill'". Will that work if there are 3 slashes instead of one?

Share this post


Link to post
Share on other sites

Welcome to the forums erawlins :)

 

I am not good as a PHP programmer. But I guess the second slash is added by magiciquotes_gpc while reading back from the cookie file. FYI, gpc stands for get, post, cookie that's it works when any or all of the above methods is called. You can turn off magic quotes by using php_flag in .htaccess. Feel free to ping support if you need assistance in turnig it off for your account.

Share this post


Link to post
Share on other sites

It is somehow being processed by magic quotes twice. Maybe it's a value passed in through POST from a form causing 'O'Neill' to be escaped as 'O\'Neill'. If the value were then written as is to a cookie, when it was later passed back to PHP the backslash (\\) and quote (\') would again be escaped resulting in 'O\\\'Neill', etc.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×