HOME       >>       Programming

Magic Quotes And $_files


Jared

It recently came upon me that I was designing a website that used file uploads. Of course, PHP was my first choice to solve the problem. I'm pro-PHP and anti-ASP. Perl is somewhere in the middle. But anyway!I have magic_quotes_runtime and magic_quotes_gpc both on and it seems to be causing some problems with file uploads.If a user uploads a file called "Jared's Stuff.txt" (that was one of my tests) then magic_quotes insert a backslash before the apostrophe and $_FILES['file']['name'] becomes "'s Stuff.txt" since the backslash is interpreted as part of the path.Is there any way I can fix this without disabling magic_quotes_gpc?Thanks,Jared


Mordent

I've a feeling you can use stripslashes() somehow, although how you make it act on the file is a little beyond me. I'll have to look in to it to see for myself, as I've never actually tried uploading anything with apostrophes in its name. If no one's looked at this by this evening I'll most likely have a tinker with PHP to see what I can come up with while patiently waiting for someone to look at my support ticket to get my hosting back up.


Jared

I've thought about stripslashes (), but I don't think it's helpful in this case... stripping the slashes out of 's Stuff is still 's Stuff. And before my script is even processed all the $_FILES data is already set. So unfortunately it wouldn't be possible to strip the slashes out before the data is stored in the array. And also there is no set_magic_quotes_gpc () function to get rid of the magic quotes for the $_FILES array.

 

I am truly clueless.


TavoxPeru

I've thought about stripslashes (), but I don't think it's helpful in this case... stripping the slashes out of 's Stuff is still 's Stuff. And before my script is even processed all the $_FILES data is already set. So unfortunately it wouldn't be possible to strip the slashes out before the data is stored in the array. And also there is no set_magic_quotes_gpc () function to get rid of the magic quotes for the $_FILES array.

 

I am truly clueless.

When i need to handle strings that must be escaped or not, I use a function that first tests if the Magic quotes is on with the get_magic_quotes_gpc() function, if it is true simply returns the string and if it is false it returns the string escaped with the mysql_real_escape_string() function.

 

<?phpfunction safeEscapeString($string){ if (get_magic_quotes_gpc()) { return $string; } else { return mysql_real_escape_string($string); }}?>
This function works perfect if you need to insert or update your database data and as i just discover it does not work with uploaded files, so, to work with files you only need to add the stripslashes() function to the Magic quotes test.

 

<?phpfunction safeEscapeString1($string){ if (get_magic_quotes_gpc()) { return stripslashes($string); } else { return mysql_real_escape_string($string); }}?>
I hope it helps you and BTW I test this code only with Internet Explorer 6 on a server running PHP 5.2.5.

 

Also the Magic Quotes feature has been removed from PHP 6.0.0:

 

Warning

 

This feature has been DEPRECATED and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged.

Best regards,


VIEW DESKTOP VERSION REGISTERGET FREE HOSTING

Xisto.com offers Free Web Hosting to its Members for their participation in this Community. We moderate all content posted here but we cannot warrant full correctness of all content. While using this site, you agree to have read and accepted our terms of use, cookie and privacy policy. Copyright 2001-2019 by Xisto Corporation. All Rights Reserved.